MID-033: Unique and Unpredictable Factory Preinstalled Secret Keys
Mitigation Level: Intermediate
Description
Using unique and unpredictable keys lowers the risk to devices because the compromise of one device will not reveal keys used on other devices. If keys are not unique or are predictable, threat actors that can extract a key from one device may be able to leverage that key across multiple devices. Therefore, when each device has its own unique and unpredictable key, the compromise of one device gives threat actors fewer opportunities to exploit devices before patches are available.
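The following is an added example, not part of the original mitigation text: it contrasts a key derived from the serial number with a per-device key from the OS CSPRNG, then audits a provisioning manifest for shared or serial-derivable keys. The serial format, the 32-byte key length, the function names and the list of guessed derivations are assumptions made for illustration.

```python
import hashlib
import secrets
from collections import Counter

KEY_LEN = 32  # bytes; key size assumed for this example

def provision_weak(serial: str) -> bytes:
    # Anti-pattern: key computed from a public identifier, so knowing the
    # derivation yields every device's key.
    return hashlib.sha256(serial.encode()).digest()

def provision_strong(serial: str) -> bytes:
    # Per-device key drawn from the OS CSPRNG; independent of the serial.
    return secrets.token_bytes(KEY_LEN)

def audit_manifest(manifest: dict[str, bytes]) -> dict[str, list[str]]:
    """Return serials whose key is shared or reproducible from the serial."""
    counts = Counter(manifest.values())
    findings = {"duplicate": [], "derivable": []}
    for serial, key in manifest.items():
        if counts[key] > 1:
            findings["duplicate"].append(serial)
        # Hypothetical guess list: plain hashes of the serial, cut to key size.
        guesses = {h(serial.encode()).digest()[:len(key)]
                   for h in (hashlib.sha1, hashlib.sha256, hashlib.sha512)}
        if key in guesses:
            findings["derivable"].append(serial)
    return findings

def sample_manifest() -> dict[str, bytes]:
    # Constructed sample data: four made-up serials.
    serials = ("SN-0001", "SN-0002", "SN-0003", "SN-0004")
    manifest = {s: provision_strong(s) for s in serials}
    manifest["SN-0002"] = provision_weak("SN-0002")   # derived from serial
    shared_default = b"\x11" * KEY_LEN                # one key reused
    manifest["SN-0003"] = manifest["SN-0004"] = shared_default
    return manifest

if __name__ == "__main__":
    print(audit_manifest(sample_manifest()))
```

A clean audit result only rules out these specific failure modes; it does not show that the key generator itself is unpredictable.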
IEC 62443 4-2 Mappings
- CR 1.2 – Software process and device identification and authentication - (1) Unique identification and authentication