Cleveland, Ohio, December 16, 2019 -- Keyfactor, a provider in securing digital identities, announced research findings identifying a vulnerability across active RSA certificates. RSA certificates and the RSA algorithm are commonly used to securely transmit data to a remote source. Using minimal computing resources, researchers were able to collect and analyze 175 million RSA certificates and keys used to protect real-world Internet traffic.
"The findings are alarming," said Ted Shorter, chief technology officer and co-founder at Keyfactor. "The research finds inordinate rates of compromise impacting IoT devices with design constraints and limited entropy. These devices could include cars, medical implants and other critical devices, that if compromised, could result in life-impacting harm."
The active and publicly available RSA keys (which consist of the product of two large, randomly chosen primes) were mined to identity common factors. Any keys sharing one of their prime factors with another key are compromised by this technique. The analysis found over 435,000 certificates with a shared factor, with researchers able to rederive the private key.
"In a real-world attack scenario, a threat actor with a re-derived private key for an SSL/TLS server certificate could impersonate that server when devices attempt to connect," said JD Kilgallin, senior integration engineer and researcher at Keyfactor. "The connecting user or device cannot distinguish the attacker from the legitimate certificate holder, opening the door to critical device malfunction or exposure of sensitive data."
When these devices include medical implants and cars, the impact of the malfunction can be devastating. The research stresses the importance of security best practices, random number generation for connected systems and use of cryptography to securely install firmware and software updates through the lifecycle of the device.
"Security at design is paramount for device manufacturers," said Shorter. "Current-generation connected devices and systems must be equipped to defend against a new generation of security risks. Cryptography is essential in ensuring new and emerging devices are able to adhere to and scale with security best practices."
Founded in 2001, Keyfactor is a market leader in comprehensive digital security management.
About MRB PR:
MRB PR is a public relations company.
Published: Tuesday, December 17, 2019
Agara is an autonomous virtual voice agent powered by Real-time Voice AI. It is designed to have intelligent conversations with your customers, vendors, and partners without any assistance from human agents. It can handle a wide variety of calls including inbound customer care calls, outbound lead generation calls, appointment scheduling calls, and overdue payment recovery calls.
Agara is available for several industries including banking, insurance, retail, e-commerce, airlines, and telecom. Powered by advanced Real-time Voice AI that understands speech in real-time, automatically determines the right process to follow and guides the caller along in the process with natural conversation.
EVA Voice Biometrics
Powered by Auraya's patented ArmorVox engine, EVA is a voice biometric extension that provides secure and seamless identification & verification capabilities for Amazon Connect. EVA provides delightful customer experience by removing the friction of providing PINs, passwords or secret information in order to prove caller identity. EVA comes standard with active and passive modes and a simple yet powerful agent interface. This allows for personalised self-service and a more friendly and efficient experience when interacting with an agent.
Outdated security methods such as PINs, passwords and security questions have become insecure and unreliable. Forgetting passwords and security answers o...
UniCloud™ is an intuitive platform that allows Enterprises to deploy and manage their Unified Communication (UC) and Contact Center (CC) services with ease and entire provisioning can be completed in seconds using this comprehensive tool supporting digital transformation. The latest release 7.0 of UniCloud™ is a multi-tenant platform that transforms the delivery, management, and integration of collaboration and contact center solutions, for both Cloud and On-Premise deployment models.
With its single-pane-of-glass views and quick provisioning tool, UniCloud™ is instrumental in reducing the time to provision an entire multi-cluster Cisco collaboration platform, including contact centers (C...
Automated Language Testing
Emmersion offers automated assessments to quickly and accurately test speaking, writing, and grammar fluency in 9 languages and counting. We help contact centers improve CSAT scores by screening for top talent and retaining top performers.
SPEED & PLUS
The SPEED solution solves for service level issues while cost optimizing the environment with automation.
Provides an enhanced way to speed up & optimize invoking temporary agent skills configuration changes into the contact center environment.
Speed allows you to schedule both future changes & temporary changes that auto-revert back to the original state when scheduled time expires.
*Automated / Scheduled Temporary Agent Skills Configuration Management
*Immediate Temporary or Reoccurring Schedule Skills Configuration Changes
*Easy to Use/Operations Administration Focused
*Descriptive Monitoring Activity Dashboard
*Detailed “End to End’ Audit Trail and Perfor...