Hundreds Of Thousands Of Home Routers Have SSH Key Vulnerability
John Matherly, creator of the Shodan website, has found that the same public SSH key is being used by 250,000 devices on the Telefónica de España network, as well as 22,000 more devices in Taiwan, China, the USA, and the Caribbean. Another SSH key is being used by 150,000 devices. It is suspected that the manufacturer or ISP used the same software image in all the routers. The devices on the Telefónica de España network are running a small SSH app called Dropbear SSH. The USRobotics USR9108 Wireless MAXg ADSL2+ Gateway does come with Dropbear SSH installed, but it is not clear whether this is the device in question.
The bigger question is why SSH is on these devices in the first place. On a home-use device, changes to settings are usually performed through an SSL- or password-protected web page served from the device. It is possible this is for remote administration by the vendor or the ISP. Since so many devices share the same SSH key, there is no way to tell individual devices apart except by the IP address each uses to connect to the Internet, which is not a good security practice.
What is really interesting is that this is not the only SSH key duplicated in bulk on the Internet. According to John, after running a simple Python script you can extract the top 1000 SSH keys used from Shodan. Here are the top 20:
Link to John Matherly’s Blog article: https://blog.shodan.io/duplicate-ssh-keys-everywhere/
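
An added example (not from the original article and not John Matherly's script): an administrator can check an inventory of their own devices for the shared-key condition described above by grouping `ssh-keyscan`-style output by host-key fingerprint. The scan lines, addresses, and key blobs below are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
from collections import defaultdict

# Constructed sample in ssh-keyscan output format: "<host> <keytype> <base64 blob>".
# Addresses are documentation ranges; blobs are placeholder bytes, not real keys.
SAMPLE_SCAN = """\
# comment lines and malformed entries are skipped
192.0.2.10 ssh-rsa {a}
192.0.2.11 ssh-rsa {a}
192.0.2.12 ssh-rsa {b}
198.51.100.7 ssh-rsa {a}
198.51.100.8 ssh-rsa not-base64!!
""".format(
    a=base64.b64encode(b"constructed-blob-shared-firmware-image").decode(),
    b=base64.b64encode(b"constructed-blob-unique-device").decode(),
)


def fingerprints(blob_b64):
    """Return (legacy MD5 colon-hex, OpenSSH-style SHA256) fingerprints of a key blob."""
    blob = base64.b64decode(blob_b64, validate=True)
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    md5_fp = ":".join(md5[i:i + 2] for i in range(0, len(md5), 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5_fp, "SHA256:" + sha


def shared_host_keys(scan_text, min_hosts=2):
    """Map each SHA256 fingerprint seen on >= min_hosts hosts to its sorted host list."""
    hosts_by_key = defaultdict(set)
    for line in scan_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        host, _keytype, blob_b64 = fields[:3]
        try:
            _md5_fp, sha_fp = fingerprints(blob_b64)
        except ValueError:  # binascii.Error (bad base64) is a ValueError
            continue
        hosts_by_key[sha_fp].add(host)
    return {fp: sorted(hosts) for fp, hosts in hosts_by_key.items()
            if len(hosts) >= min_hosts}


if __name__ == "__main__":
    for fp, hosts in shared_host_keys(SAMPLE_SCAN).items():
        print(f"{fp} is shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

Any fingerprint reported here means those hosts cannot be distinguished by host key, so each should have a unique key generated on the device rather than one baked into the firmware image.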