Real SSL certificate on our firmware

Posted December 7, 2015 by David Redekop to Feature Security

Securing the world of Internet communications with self-signed SSL certificates has had an unintended consequence:

invalid certificate

We would like to undo this. The reasons why prosumer-grade or even commercial-grade routers have never done this is two-fold:

  1. The nature of manual firmware upgrade cycles. Manufacturers have traditionally waited for the end-user to download and apply firmware upgrades.
  2. Certificates have an actual expiry date. Therefore, if the end-user does not upgrade the certificate (i.e. firmware), the certificate expires, in which case it’s even worse than a self-signed or unsigned certificate as some browsers don’t even allow for an override to continue.

Since DNSthingy firmware in prosumer gateways are upgraded without the option of opting out, it opened the door for us to include a real SSL certificate and at the very least contribute to the undoing of the comfort level of self-signed or unsigned certificates. When you access the gateway of any of our ASUS routers flashed with DNSthingy firmware and inspect the SSL certificate, this is what you will see:

mybox.management certificate

We recognize that this approach could be analyzed as a weakness insomuch as reverse engineers could capture the private key off any of our firmware devices. That means in combination with DNS poisoning in a man-in-the-middle scenario + possession of the private key, our domain mybox.management could be abused. However, the domain mybox.management is used nowhere else except on the devices themselves, and is irrelevant to our device-to-controller communications. From our perspective, the upside is dramatically more pronounced than the down-side.

In related news, we salute the efforts of letsencrypt.org‘s sponsors to make SSL everywhere more accessible and affordable. Beta is now open to the public.