During a security assessment, the engineer discovers that a network appliance's firmware updates are signed using a 1024-bit RSA key. The appliance was manufactured in 2015. What is the primary security concern?
1024-bit RSA can be broken by determined attackers; NIST recommends at least 2048 bits.
Why this answer
1024-bit RSA keys are considered weak because they can be factored with moderate computational resources, allowing an attacker to forge firmware updates. While the signature algorithm (RSA) is not obsolete, the key length is insufficient. Firmware encryption is not required for integrity; signing key rotation is secondary.