Kinda misleading headline.
It’s not a flaw in RSA, but the lack of entropy in lightweight devices without many inputs. ECC would have basically the same problem.
Maybe “random number generation flaw” would be more accurate.
I’m not surprised. RSA is deprecated as a public key method in openssh. There’s no reiable implementation anywhere. Seems like IoT manufacturers consider security as an afterthought. Anyone pushing for anything other than ed25519 just wants to decrease your security footing
This is why my house is free of IOT devices
Their lack of security is not new.
How will you know when your toast is done? Unless you get a notification from an app, there is no way to be certain. Schrödinger’s toast bro.
Laundry finished?
Expired milk in the fridge?
Toothbrush bristles need replacing?
Their is no way to know, might as well live in a cave and bang rocks together.
No problem the S in IoT stands for security
¯\(ツ)/¯