It looks like a lot of devices might be using insecure certificates. This is especially troubling for IoT devices, which are more likely to share factors because of poor implementation of cryptography:
A vulnerability has been discovered in RSA certificates that could compromise one in every 172 certificates currently in active use.
On Saturday at the First IEEE Conference on Trust, Privacy, and Security in Intelligent Systems and Applications in Los Angeles, California, a team of researchers from Keyfactor presented their findings on the security posture of digital certificates, ZDNet reported:
Keyfactor mined the 175 million keys to identify common factors in random number generation and found that one in every 172 active keys online shares a factor with one another. The security of RSA, however, relies on the inability to determine two prime numbers from which the RSA public key is derived.
Discovery of these “prime factors” can be used to compromise certificates, the team says, potentially risking the security of devices using RSA certificates.
Over 435,000 certificates were found to have a shared factor, allowing the researchers to rederive private keys.
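
A fleet owner can check their own certificate inventory for this weakness by computing, for each RSA modulus, its GCD with the product of all the others. The following is an added example, not Keyfactor's code or part of the quoted article; it generalizes the pairwise check to a product/remainder tree so it scales to large inventories, and the device labels and toy-sized moduli are constructed for illustration.

```python
from math import gcd

def product_tree(values):
    """Levels of pairwise products: leaves first, single root last."""
    levels = [list(values)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        # An odd node at the end is carried up unchanged.
        levels.append([cur[i] * cur[i + 1] if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def batch_gcd(moduli):
    """For each modulus n, return gcd(n, product of all other moduli)."""
    levels = product_tree(moduli)
    rems = levels[-1]                      # root = product P of all moduli
    for level in reversed(levels[:-1]):    # walk down, reducing P mod node^2
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(level)]
    # At a leaf, (P mod n^2) // n equals (P / n) mod n.
    return [gcd(n, r // n) for n, r in zip(moduli, rems)]

def audit(inventory):
    """inventory maps label -> RSA modulus. Returns label -> finding (weak keys only)."""
    by_modulus = {}
    for label, n in inventory.items():
        by_modulus.setdefault(n, []).append(label)
    unique = list(by_modulus)              # dedupe so identical keys don't mask results
    findings = {}
    for n, g in zip(unique, batch_gcd(unique)):
        if len(by_modulus[n]) > 1:
            status = "duplicate modulus"   # same key pair deployed on several devices
        elif g > 1:
            status = "shares a prime"      # key must be rotated
        else:
            continue
        for label in by_modulus[n]:
            findings[label] = status
    return findings

# Constructed sample inventory; real moduli are 2048 bits or more.
SAMPLE = {
    "cam-01": 101 * 103,
    "cam-02": 101 * 107,      # reuses the prime 101 from cam-01
    "router-01": 109 * 113,
    "sensor-01": 127 * 131,
    "sensor-02": 127 * 131,   # identical key pair to sensor-01
}

if __name__ == "__main__":
    for label, status in audit(SAMPLE).items():
        print(f"{label}: {status}")
```

Any key flagged here should be regenerated on a device with a properly seeded random number generator and its certificate reissued.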