Recent events have revealed that cryptographic keys and digital certificates aren’t being used in an effective way. First, there was the DarkHotel campaign that targeted several traveling executives by taking advantage of misused digital certificates. Then the WireLurker malware Trojan allowed hackers to upload software onto iOS devices using compromised keys and certificates. This has to stop.
The infosec industry needs to wake up. Millions have been spent on keys and certificates to protect networks, data, and apps from being compromised, yet hackers already know how to get around them. The trust on digital systems for banking, mobile apps, and businesses is based on these certificates and keys, so change is needed in order to maintain that trust. For a full article on this topic, click here:: The Week When Attacks Started Winning the War On Trust