Internet of crap (encryption): IoT gear is generating easy-to-crack keys

The team believes that the reason for this poor entropy is down to IoT devices. Because the embedded gear is often based on very low-power hardware, the devices are unable to properly generate random numbers.

The recommendation is that IoT hardware vendors step up their security efforts to improve the entropy of these devices and make sure that their hardware is able to properly set up secure connections.

"Using a single cloud-hosted virtual machine and a well-studied algorithm, over 1 in 200 certificates using these keys can be compromised in a matter of days."