This article is more than 1 year old
Shodan boss finds 250,000 routers have common keys
Sky, BT and TalkTalk routers may be rotten, but the pain is worse in Spain
More than 250,000 routers used in Spain, and thousands more used in other countries, are using the same SSH key says Shodan kingpin John Matherly.
The routers appear to be sold by Telefónica de España, according to Matherly, and are pre-configured with a single operating system image.
The gaffe means the probable small percentage of routers configured for remote access may be open to attackers who discover the corresponding SSH private key.
Telefónica de España has been contacted for comment.
Matherly said the routers appear to be pre configured before deployment.
"It looks like all devices with the fingerprint are Dropbear SSH instances that have been deployed by Telefónica de España," Matherly said in a post.
"It appears that some of their networking equipment comes setup with SSH by default, and the manufacturer decided to re-use the same operating system image across all devices."
Matherly found separate batches of 200,000 and 150,000 devices running the same SSH keys in what he describes as "systemic issues" for hardware manufacturers and telcos.
A Reddit user commenting on the research reports shared fingerprints in the UK return 11,5061, 7,875, and 2,224 instances of duplicates they said were linked to telcos Sky Broadband, TalkTalk and BT Plusnet. ®