The aftereffects of KRACK attacks have not been vanished completely and we are witnessing yet another DUHK (Don’t Use Hard-Coded Keys) attack. Yes, you read it correctly. We are talking about DUKH Crypto attack that exposes VPN connection through recovering encryption keys. The story does not end here; this is because the attack leaves online privacy of the users highly vulnerable.
The first factor is all about the application of the ANSI X9.31 Random Number Generator (RNG). This algorithm takes random number data and produces encryption keys. These encryption keys are used to protect the VPN connections, users’ browsing sessions and other crucial data. The second factor relates to the seed key that is the key hardware vendors use for the ANSI X9.31 RNG algorithm.
If your product combines both ANSI X9.31 and hardcoded seed key, attackers can decrypt all the communication that takes place on the device. This includes all the confidential information like username, password, credit card data, and others that you secure through the help of a VPN.
Old Fortinet Fortigate Devices are Vulnerable to DUHK Attacks
The Fortinet Fortigate devices that use FortiOS 4.3.0 to FortiOS 220.127.116.11 can become an easy target of DUHK attacks. Moreover, there were 23000 older Fortinet 4.x devices exposed online. In addition, the attack does need any user interaction. The attacker using a latest system can recover the encryption key within four minutes per connection.
What Should I Do to Secure Myself?
You need to take proactive measure to secure yourself from the DUHK attack. Here is the list of precautionary measures you can take. These are:
- Cryptographic software developer should not use X9.31 Random Number Generator
- Update your products on a regular basis to comply with the latest standards
- Improve the overall encryption standards to the required level
- The vendors must produce a random seed key at device startup or before initiating the ANSI X9.31 algorithm