TechRadar
Sead Fadilpašić

Cryptographic keys protecting SSH connections stolen in new attack


Hackers can eavesdrop on some endpoints’ SSH connections and use the information flowing there to deduce the hosts’ private RSA keys. The keys can then be used to impersonate the device, a textbook example of a man-in-the-middle attack, but not to steal login credentials.

These are the findings of “Passive SSH Key Compromise via Lattices”, a new research paper by Keegan Ryan, Kaiwen He, George Arnold Sullivan, and Nadia Heninger of the University of California, San Diego. For the uninitiated, Secure Shell (SSH) connections are remote encrypted connections established between the user’s endpoint and a server.

As per the report, as the SSH connection is being established, there is a very, very slight chance of computational errors. These errors can be observed and used to calculate the SSH server’s private host RSA key. 
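The failure mode described above can be caught by the signer itself: checking each signature against the public key before sending it means an erroneous result never reaches the wire. The sketch below is an added example, not code from the article or the paper; the toy key (two Mersenne primes), the unpadded signing, the simulated single-bit fault and all function names are constructed for illustration.

```python
# Toy RSA-CRT signer with a verify-before-release check.
# Constructed demo key: far too small for real use, and no padding is applied.
P = 2**61 - 1                      # Mersenne prime (constructed toy factor)
Q = 2**31 - 1                      # Mersenne prime (constructed toy factor)
E = 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)
DP, DQ = D % (P - 1), D % (Q - 1)  # CRT exponents
QINV = pow(Q, -1, P)               # CRT coefficient

SAMPLE_DIGEST = 0x1234567890ABCDEF  # constructed stand-in for a message hash


def sign_crt(m, fault=False):
    """Sign m with the CRT speed-up; fault=True simulates a computational error."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault:
        sp ^= 1                    # single-bit error in one half of the computation
    h = (QINV * (sp - sq)) % P     # Garner recombination
    return sq + h * Q


def verify(m, s):
    """Public-key check: a correct signature satisfies s^E = m (mod N)."""
    return pow(s, E, N) == m % N


def sign_checked(m, fault=False):
    """Return (signature, fault_detected); a faulty result is never released."""
    s = sign_crt(m, fault)
    if verify(m, s):
        return s, False
    # Discard the bad value and recompute without the CRT shortcut.
    return pow(m, D, N), True


if __name__ == "__main__":
    print("unchecked faulty signature verifies:",
          verify(SAMPLE_DIGEST, sign_crt(SAMPLE_DIGEST, fault=True)))
    sig, detected = sign_checked(SAMPLE_DIGEST, fault=True)
    print("fault detected:", detected, "| released signature verifies:",
          verify(SAMPLE_DIGEST, sig))
```

The `fault_detected` flag is also worth logging on a real device, since repeated signing errors point to failing hardware or a buggy implementation.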


"Crappy" middleboxes affected

While the above might sound groundbreaking, other researchers, as well as the media, don’t sound too impressed. In its writeup, The Register stressed that the software libraries OpenSSL and LibreSSL (and thus OpenSSH) are not known to be vulnerable to the method described in the paper. “That means, in our view, the vast majority of devices, servers, and other equipment on the internet are not at risk, and what you're left with is some Internet-of-Things and similar embedded gear susceptible to attack. It also only affects RSA keys.”

Cybersecurity expert Thomas Ptacek wrote a summary on Y Combinator saying, among other things, that the only endpoints vulnerable to this method are “crappy middleboxes from Zyxel, Mocana, apparently a rare subset of Cisco devices, and whatever "SSH-2.0-SSHD" is (the authors don't know either).”

Cisco said its ASA and FTD software fixed the issue a year ago, and that it was working on mitigations for IOS and IOS XE software even before the paper was published. Zyxel, on the other hand, said the method can only be used on firmware that reached end-of-life.

For those interested in learning more, the full 15-page paper can be found on this link
