
CSR Harmony Wireless Software Stack injects weak root certificate into trust store



I was quite surprised when I saw two very suspicious root certificates in my CA store.

These were installed by a Bluetooth driver from CSR. Obviously this enables interception of HTTPS connections if the private key is found.




Additionally it injected certs into the "trusted publisher store", which means it can also fake digital signatures.

The worst thing is the certificates themselves - they are 1024-bit RSA certificates, which are very insecure, so it may be possible to crack the public key and get out the private key.



More information here: https://pastemarkdown.com/Su5Ch

And here you can see how it injects it: https://vimeo.com/rugkme/csrharmonyrootcert

Edited by rugk
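
A way to check a Windows machine for the condition this post describes, as an added example that is not part of the original post or of CSR's software: it lists RSA certificates below a chosen key size in the Root and TrustedPublisher stores. The function name `Get-WeakTrustedCertificate` and the 2048-bit default threshold are assumptions of this example.

```powershell
# Added example (not from the original post): list RSA certificates with short
# keys in the Windows Root and TrustedPublisher stores.
# Get-WeakTrustedCertificate and the 2048-bit default are assumptions of this example.
function Get-WeakTrustedCertificate {
    [CmdletBinding()]
    param(
        [int]$MinimumBits = 2048,
        [string[]]$StoreName = @('Root', 'TrustedPublisher'),
        [string[]]$StoreLocation = @('LocalMachine', 'CurrentUser')
    )

    $ext = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]

    foreach ($location in $StoreLocation) {
        foreach ($name in $StoreName) {
            $path = "Cert:\$location\$name"
            if (-not (Test-Path -Path $path)) { continue }

            foreach ($cert in Get-ChildItem -Path $path) {
                # Returns $null for non-RSA keys (for example ECDSA), which are skipped.
                $rsa = $ext::GetRSAPublicKey($cert)
                if ($null -eq $rsa) { continue }
                try {
                    if ($rsa.KeySize -lt $MinimumBits) {
                        [pscustomobject]@{
                            Store           = "$location\$name"
                            Subject         = $cert.Subject
                            Issuer          = $cert.Issuer
                            # True when subject and issuer names match (root-style cert).
                            SubjectIsIssuer = ($cert.Subject -eq $cert.Issuer)
                            KeyBits         = $rsa.KeySize
                            SigAlg          = $cert.SignatureAlgorithm.FriendlyName
                            NotAfter        = $cert.NotAfter
                            Thumbprint      = $cert.Thumbprint
                        }
                    }
                }
                finally {
                    $rsa.Dispose()
                }
            }
        }
    }
}

Get-WeakTrustedCertificate | Sort-Object Store, KeyBits | Format-Table -AutoSize
```

Running it before and after a driver installation and comparing the thumbprints shows which entries the installer added.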

This topic is now closed to further replies.