Dan Petro, Lead Researcher, and Allan Cecil, Security Consultant, from Bishop Fox join Dave to share their research “You’re Doing IoT RNG,” that they presented at DefCon 29. There’s a crack in the foundation of Internet of Things (IoT) security, one that affects 35 billion devices worldwide. Basically, every IoT device with a hardware random number generator (RNG) contains a serious vulnerability whereby it fails to properly generate random numbers, which undermines security for any upstream use. In order to perform most security-relevant operations, computers need to generate secrets via an RNG. These secrets then form the basis of cryptography, access controls, authentication, and more. The details of exactly how and why these secrets are generated varies for each use.
The research can be found here: