Users of Raspberry Pi mini computers could be exposed to security issues due to a vulnerability in the operating system. The so-called vulnerability, as a developer has pointed out, leads the device to generate predictable secure shell (SSH) keys. Raspberry Pi Ltd confirmed the aforementioned limitation in Raspbian to us, and said that it is likely to fix that in a future release.
The flaw has been flagged by a developer who goes by the alias “oittaa” on the official Raspberry Pi forum. As per the claims, Raspbian, a Linux-based operating system that powers the miniature computer, doesn’t utilise a hardware random generator. This in turn, results in the generation of predictable SSH host keys on the first boot.
From a security standpoint, a generator should be able to churn out unpredictable numbers into an entropy pool, the randomness collected by an operating system or application. Because the engine isn’t using a hardware random generator, it significantly limits the amount of entropy that can be generated. To put things into perspective, Windows operating system uses a variety of sources such as the number of free bytes in memory and combines it with a random seed to create sophisticated random numbers.
Generation of weak SSH host keys makes the device vulnerable to man-in-the-middle attack. SSH, for those unfamiliar, is an open protocol for security network communications to safeguard communications and prevent unauthorised file transfers.
As per oittaa, as soon as a system starts up “systemd-random-seed tries to seed /dev/urandom, but /var/lib/systemd/random-seed is missing, because it hasn’t been created yet. /etc/rc2.d/S01regeneratesshhost_keys is executed, but /dev/urandom pool doesn’t have that much entropy at this point and predictable SSH host keys will be created.” He further noted that all existing Raspbian software releases including the November 2015 release are exposed to the aforementioned vulnerability.
“It’s certainly a real issue,” Sam Bowne, Computer Networking and Ethical Hacking faculty at City College, San Francisco told Gadgets 360, pointing us to a Black Ops talk by security researcher Dan Kaminsky. You can check out the presentation (page 25 onwards describes how Linux handles SSH keys generation and the limitations we face today).
“Hardware random number generators might be better, but it’s difficult to be sure that they are as random as they claim to be. One possible threat is that the NSA could have weakened them to make them more predictable,” Bowne added. “These concerns were taken so seriously that FreeBSD decided to avoid using Intel’s hardware RNG.
Raspberry Pi Ltd confirmed to us that Raspbian doesn’t utilise a hardware random generator, but noted that the company is likely to implement this feature in future. “The researcher is concerned about how much entropy has accumulated in the pool at the point where keys are generated on first boot, though it’s not clear from the report how much entropy is present (and therefore how predictable the SSH keys actually are).” Eben Upton, CEO, Raspberry Pi Ltd told Gadgets 360 in an email statement Tuesday. “We’re likely to make some changes to future OS releases, in particular enabling the hardware random number generator, which is a good source of entropy.”
Users concerned about it could consider manually regenerating keys, Upton advises. “Users might want to consider manually regenerating keys if they are particularly concerned.”