MID-033: Unique Factory Preinstalled Secret Keys

Mitigation Tier: Intermediate

Description

Using unique keys lowers the risk to devices because the compromise of one device will not reveal keys used on other devices. If keys are not unique, threat actors that can extract a key from one device may be able to leverage that key across multiple devices. Therefore, if unique keys per device are used, threat actors have less opportunities to exploit devices before patches are available when one device is compromised.

IEC 62443 4-2 Mappings

• CR 1.2 – Software process and device identification and authentication - (1) Unique identification and authentication

References

[1] Apple. “Apple Platform Security.” apple.com. Accessed: Aug. 26, 2024. [Online]. Available: https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf

MID-033