"That's just laziness on the part of a manufacturer," Paterson said in a phone interview. "This is cardinal sin. This is just not how cryptography should be done."
The danger is that an attacker could factor just one 512-bit key and then potentially decrypt traffic exchanged by more than 28,000 devices that use the same key.
Of the 2.2 million hosts still vulnerable to FREAK, the researchers found 664,336 had duplicate keys. Just for academic interest, the team also tried factoring some of the repeated keys using an algorithm and mathematical techniques.
In under three minutes, they successfully factored 90 of the public keys, which correspond to 294 hosts. Paterson said they used a fairly ordinary 8-core system at the university that last year cost about £10,000 (US$14,800).
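An audit that surfaces the condition described above (short RSA keys, and one key reused across many hosts) is a useful defensive check. The following is an added example, not code from the researchers or the paper; the inventory of hosts and moduli is constructed placeholder data of the right bit lengths, not real device keys.

```python
import hashlib
from collections import defaultdict

# Constructed sample key inventory (host -> RSA modulus n). These are placeholder
# integers of the right bit length, not real keys from any device.
M_SHARED_512 = (1 << 511) | 0x1234567   # 512-bit modulus used by several hosts
M_UNIQUE_512 = (1 << 511) | 0x7654321   # 512-bit modulus seen on one host only
M_SHARED_2048 = (1 << 2047) | 0xABCDEF  # 2048-bit modulus shared by two hosts
INVENTORY = {
    "192.0.2.10": M_SHARED_512,
    "192.0.2.11": M_SHARED_512,
    "192.0.2.12": M_SHARED_512,
    "192.0.2.20": M_UNIQUE_512,
    "198.51.100.5": M_SHARED_2048,
    "198.51.100.6": M_SHARED_2048,
}


def fingerprint(n: int) -> str:
    """SHA-256 of the big-endian modulus bytes; a stable identifier for 'same key'."""
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).hexdigest()


def audit(inventory: dict, min_bits: int = 1024) -> dict:
    """Group hosts by modulus, flag short keys and keys shared across hosts."""
    by_key = defaultdict(list)
    for host, n in inventory.items():
        by_key[fingerprint(n)].append(host)
    weak = sorted(h for h, n in inventory.items() if n.bit_length() < min_bits)
    shared = {fp: sorted(hs) for fp, hs in by_key.items() if len(hs) > 1}
    # Blast radius: hosts whose traffic is exposed if each short, duplicated key
    # is factored a single time (the scenario the article describes).
    radius = {fp: len(hs) for fp, hs in shared.items()
              if inventory[hs[0]].bit_length() < min_bits}
    return {"weak": weak, "shared": shared, "factor_once_exposes": radius}


if __name__ == "__main__":
    report = audit(INVENTORY)
    print(f"{len(report['weak'])} hosts with RSA keys shorter than 1024 bits")
    for fp, hosts in report["shared"].items():
        print(f"key {fp[:16]}... shared by {len(hosts)} hosts: {', '.join(hosts)}")
    for fp, count in report["factor_once_exposes"].items():
        print(f"factoring key {fp[:16]}... once would expose {count} hosts")
```

In practice the inventory would be filled from certificates collected during a scan, with the modulus read out of each certificate's public key.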
Paterson knows the IP addresses of some of the most vulnerable devices -- essentially, the addresses of the houses with the same key. The researchers are trying to reach out to those most at risk.
"We've started the process a little bit, but it's actually laborious to track down who is responsible for these devices and IP addresses," he said.
The research paper was also co-authored by Martin Albrecht, Davide Papini and Ricardo Villanueva-Polanco.