Researchers JD Kilgallin and Ross Vasko from Keyfactor analyzed more than 75 million active RSA keys across the Internet, discovering that 1 in every 172 digital certificates using these keys is vulnerable to a shared-factor attack, commonly described as ‘factoring.’
How does it work?
An RSA public key's modulus is the product of two large, randomly generated primes, and the security of the key rests on nobody being able to recover them. If you collect public keys from the Internet and find two moduli that share a prime factor, a single GCD computation exposes that prime; dividing it out of each modulus gives the second prime, and from there the private key of every certificate built on either modulus. In this case, the researchers broke nearly 250,000 keys corresponding to about 435,000 digital certificates.
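The following Python is an added illustration of the attack described above and is not Keyfactor's tooling. It models a fleet of devices whose key generator has too little entropy when it picks the first prime, runs a batch GCD over the moduli they publish, and recovers the private exponents of every key that shares a factor. The 256-bit primes, the 6-bit boot-entropy model and the 48-device fleet are constructed assumptions chosen so that it runs in about a second; real certificates use 1024-bit or larger primes, and the same code applies unchanged. The batch GCD is the product-tree/remainder-tree method (Bernstein's algorithm), which is what makes scanning tens of millions of keys practical.

```python
import math
import random

E = 65537            # standard RSA public exponent
PRIME_BITS = 256     # constructed: small so the demo runs fast; real keys use 1024+ bit primes
_SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_probable_prime(n):
    """Miller-Rabin with fixed witness bases: fine for primes we generate ourselves,
    not for checking numbers an adversary hands us."""
    if n < 2:
        return False
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits, rng, e=E):
    """Random prime of exactly `bits` bits with p % e != 1, so e is invertible mod (p-1)(q-1)."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if cand % e != 1 and is_probable_prime(cand):
            return cand


def weak_device_keygen(master, boot_entropy_bits=6):
    """Constructed model of a bad embedded key generator: p is drawn right after boot from a
    PRNG seeded with only 6 bits of entropy (64 possible states), so many devices pick the same
    p. By the time q is drawn the pool has gathered real entropy, so q is unique per device."""
    boot_state = master.getrandbits(boot_entropy_bits)
    p = gen_prime(PRIME_BITS, random.Random(boot_state))
    while True:
        q = gen_prime(PRIME_BITS, master)
        if q != p:
            return p * q            # the device publishes only the modulus (and e)


def good_keygen(master):
    """Control: both primes from a well-seeded generator, so no factor is ever shared."""
    p = gen_prime(PRIME_BITS, master)
    while True:
        q = gen_prime(PRIME_BITS, master)
        if q != p:
            return p * q


def batch_gcd(moduli):
    """gcd(N_i, product of all other N_j) for every i in near-linear time using a product
    tree and a remainder tree. Pairwise gcd is O(n^2): hopeless for millions of keys."""
    tree = [list(moduli)]
    while len(tree[-1]) > 1:
        lvl = tree[-1]
        tree.append([lvl[i] * lvl[i + 1] if i + 1 < len(lvl) else lvl[i]
                     for i in range(0, len(lvl), 2)])
    rems = tree.pop()                        # [P] = product of every modulus
    while tree:
        lvl = tree.pop()
        rems = [rems[i // 2] % (x * x) for i, x in enumerate(lvl)]
    # rems[i] == P mod N_i^2, so rems[i] // N_i == (P / N_i) mod N_i
    return [math.gcd(n, z // n) for n, z in zip(moduli, rems)]


def recover_private_exponent(n, p, e=E):
    """One known prime factor of n yields the other and hence d (pow with -1 needs Python 3.8+)."""
    q = n // p
    assert p * q == n and p != q
    return pow(e, -1, (p - 1) * (q - 1))


def break_population(moduli):
    """Return {modulus: private exponent} for every key factored through a shared prime."""
    broken = {}
    for n, g in zip(moduli, batch_gcd(moduli)):
        if g == n:
            # n shares all its factors with the batch (duplicate key, or p and q reused by
            # different peers): fall back to pairwise gcd to isolate a single prime.
            g = next((math.gcd(n, m) for m in moduli if m != n and 1 < math.gcd(n, m) < n), 1)
        if 1 < g < n:
            broken[n] = recover_private_exponent(n, g)
    return broken


def key_works(n, d, e=E):
    """Sanity check: the recovered d inverts the public operation."""
    m = 0x5468697320697320612074657374       # arbitrary plaintext, far below n
    return pow(pow(m, e, n), d, n) == m


def run_demo(seed=2019, devices=48):
    master = random.Random(seed)             # stands in for the keys a scan would collect
    weak = [weak_device_keygen(master) for _ in range(devices)]
    good = [good_keygen(master) for _ in range(devices)]
    return weak, break_population(weak), good, break_population(good)


if __name__ == "__main__":
    weak, broken_weak, good, broken_good = run_demo()
    print(f"weak fleet: {len(broken_weak)} of {len(weak)} private keys recovered")
    print(f"good fleet: {len(broken_good)} of {len(good)} private keys recovered")
```

The control fleet comes back with every GCD equal to 1, which is the check a defender can run against their own certificate inventory: any modulus that shares a factor with another is evidence of a broken random number generator and should be revoked and reissued, not just the certificate but the key behind it.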
Most of these vulnerable certificates were found on network appliances such as routers and firewalls, and on emerging IoT devices. Shared factors are a symptom of key generation with too little randomness: two correctly generated keys have a negligible chance of sharing a prime, so a collision means the device had insufficient entropy when it created its key. As more of these devices are connected to your network, poorly generated RSA keys make up a growing share of your exposure.