There’s a crack in the foundation of Internet of Things (IoT) security, one that affects 35 billion devices worldwide.
Basically, every IoT device with a hardware random number generator (RNG) contains a serious vulnerability whereby it fails to properly generate random numbers, which undermines security for any upstream use.
At DEF CON 29, Bishop Fox’s Dan Petro and Allan Cecil shared eye-opening research revealing this potentially catastrophic problem. They wrote code for many popular IoT SoC platforms to extract gigabytes of data from their hardware RNGs and analyzed them. What they found was a systemic minefield of vulnerabilities in almost every platform that could undermine IoT security.
Something needs to change in how the Internet of Things does RNG. The vulnerabilities are widespread, and the attacks are practical.
Watch this on-demand webcast to:
- Journey behind the scenes with the Bishop Fox research team as they delve into murky design specs, opaque software libraries, and lots of empirical results.
- Explore the research findings and discover the truth behind how IoT does RNG.
- Learn strategies to reduce the risks.