Black Hat , Cybercrime , Events

How SSH Flaws Expose Vulnerabilities, Endanger Enterprises

Rob King of runZero on SSH Misconfiguration and Best Practices for SSH Security
Rob King, director, security research, runZero

Secure Shell is a critical component in network security, providing secure access for system administration and file transfers. Although SSH is a well-designed and secure protocol by nature, its implementation across various systems often falls short, leading to vulnerabilities. These issues are not due to flaws in the protocol but stem from how it is deployed, configured and maintained by users, according to Rob King, director of security research at runZero.

See Also: Corelight's Brian Dye on NDR's Role in Defeating Ransomware

SSH misconfigurations led to numerous security breaches, such as a backdoor being placed within the XZ library, compromising SSH daemons on certain Linux systems. In another example, runZero attempted to track the cyberattacker nicknamed "geot tan" by scanning SSH servers worldwide for a specific public key associated with the attacker. Although the search led to false positives, "we found tens of thousands of vulnerable devices that were not using SSH correctly," King said.

King advised developers or enterprises who use SSH to "always use public key authentication." While some systems use public key authentication, King said "they still have passwords enabled," thereby exposing them to brute force attacks and password guessing. He said enterprises should implement multifactor and certificate-based authentication methods for better management and security.

In this video interview with Information Security Media Group at Black Hat 2024, King also discussed:

  • The evolution of SSH vulnerabilities;
  • How "address space layout randomization" has influenced the exploitation difficulty of vulnerabilities in SSH implementations;
  • The renaissance of code forges and their security implications;

King is responsible for overseeing security research projects, analyzing vulnerabilities and developing strategies to mitigate risks associated with OT environments. He has more than 20 years of experience and expertise in threat detection, incident response and security architecture.


About the Author

Aseem Jakhar

Aseem Jakhar

Co-Founder, EXPLIoT

Jakhar is the co-founder of EXPLIoT. He founded null - an open security community platform in Asia. He also organizes Nullcon and hardwear.io security conferences.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.