Researchers found a critical vulnerability in hardware random number generators used in billions of IoT devices.
The issue pertains to hardware random number generators that fail to generate secure codes, which puts the devices at risk of exploitation.
“It turns out that these ‘randomly’ chosen numbers aren’t always as random as you’d like when it comes to IoT devices,” Bishop Fox researchers Dan Petro and Allan Cecil wrote in a report. “In fact, in many cases, devices are choosing encryption keys of 0 or worse. This can lead to a catastrophic collapse of security for any upstream use.”
Random number generation is a process that enables various cryptographic mechanisms, such as key generation, salting, and nonces. On traditional operating systems, it uses a cryptographically secure pseudorandom number generator (CSPRNG) and entropy that’s derived from a reliable seed source.
For Internet of Things devices, this is typically a system-on-a-chip that houses a true random number generator (TRNG) peripheral, which derives entropy from physical processes or phenomena.
The researchers noted that the manner in which the peripheral is currently invoked is not reliable, and that the peripheral can run out of entropy. This produces predictable numbers and even crypto keys consisting of zeros.
“The HAL function to the RNG peripheral can fail for a variety of reasons, but by far the most common (and exploitable) is that the device has run out of entropy,” the researchers noted. “Hardware RNG peripherals pull entropy out of the universe through a variety of means (such as analog sensors or EMF readings) but don’t have it in infinite supply.
“They’re only capable of producing so many random bits per second. If you try calling the RNG HAL function when it doesn’t have any random numbers to give you, it will fail and return an error code. Thus, if the device tries to get too many random numbers too quickly, the calls will begin to fail.”
The issue is unique to the Internet of Things, since these devices don’t have an operating system that supports randomization. This is because they typically don’t have an API for this type of thing.
Although the issues can be easily fixed with software updates, the ideal approach would be to implement a CSPRNG API that compiles entropy from diverse sources and doesn’t ignore error conditions, researchers said.
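The failure mode the researchers describe, next to a version that checks the return code, as an added C example that is not from the article or the Bishop Fox report: `hal_rng_get_u32`, its status codes and the simulated entropy pool are hypothetical stand-ins for a vendor HAL. It covers only the error handling, not a full CSPRNG.

```c
#include <stdint.h>
#include <string.h>
#define KEY_WORDS 4  /* 128-bit key as four 32-bit words */
enum { HAL_OK = 0, HAL_ERROR = 1 };

/* Constructed stand-in for a vendor RNG HAL (hypothetical names): the
 * simulated TRNG holds entropy_words ready words, then every call fails. */
static unsigned entropy_words;
static uint32_t sim_state = 0xACE1u;  /* toy LCG for the simulation only */
static int hal_rng_get_u32(uint32_t *out) {
    if (entropy_words == 0) return HAL_ERROR;  /* *out untouched on failure */
    entropy_words--;
    sim_state = sim_state * 1664525u + 1013904223u;
    *out = sim_state | 1u;                     /* simulated word, never zero */
    return HAL_OK;
}

/* Unchecked pattern: return code ignored, so failed words stay zero. */
static void keygen_unchecked(uint32_t key[KEY_WORDS]) {
    memset(key, 0, KEY_WORDS * sizeof key[0]);
    for (int i = 0; i < KEY_WORDS; i++)
        hal_rng_get_u32(&key[i]);
}

/* Checked form: bounded retries per word, then fail closed. */
static int keygen_checked(uint32_t key[KEY_WORDS], unsigned max_retries) {
    for (int i = 0; i < KEY_WORDS; i++) {
        unsigned tries = 0;
        while (hal_rng_get_u32(&key[i]) != HAL_OK) {
            if (++tries > max_retries) {
                memset(key, 0, KEY_WORDS * sizeof key[0]);  /* drop partial key */
                return -1;                     /* caller must not use the key */
            }
            entropy_words++;  /* simulation of waiting for the TRNG to refill */
        }
    }
    return 0;
}

static int zero_words(const uint32_t key[KEY_WORDS]) {
    int n = 0;
    for (int i = 0; i < KEY_WORDS; i++) n += (key[i] == 0);
    return n;
}

int main(void) {
    uint32_t k[KEY_WORDS];
    keygen_unchecked(k);  /* pool starts empty: all four key words are zero */
    return (zero_words(k) == KEY_WORDS && keygen_checked(k, 3) == 0) ? 0 : 1;
}
```

On real hardware the retry would be a delay or a poll of the peripheral's ready flag rather than a counter increment.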
“One of the hard parts about this vulnerability is that it’s not a simple case of ‘you zigged where you should have zagged’ that can be patched easily,” the researchers said. “In order to remediate this issue, a substantial and complex feature has to be engineered into the IoT device.”