Hole Found in Infineon Chips

Monday, October 16, 2017 @ 03:10 PM gHale

There is a crypto-related vulnerability affecting some chips made by German semiconductor manufacturer Infineon Technologies.

The vulnerability, CVE-2017-15361, is within the Trusted Platform Module (TPM), a global standard designed for protecting crypto processes within computing devices, and for securely storing encryption keys, passwords, certificates and other sensitive data.

New Ransomware Targets Android
Manufacturers Targets for Attacks
SMBs Face Ransomware, IoT Attacks
ICSJWG: Putting Numbers Behind Risk

TPM ended up in some Infineon microcontrollers in an effort to secure hardware.

The problem is RSA encryption keys generated by the TPM can end up cracked due to the use of a technique known as “Fast Prime.”

“Fast Prime” is an algorithm that helps accelerate the generation of RSA public and private key pairs.

The issue ended up discovered by a team of researchers from the Masaryk University in the Czech Republic, Enigma Bridge in the UK, and Ca’ Foscari University of Venice, Italy.

The vulnerability allows an attacker who knows the public key to obtain the private RSA key, the researchers said. The attack can end up carried out remotely and all keys generated by vulnerable chips are affected.

The time complexity and cost for the selected key lengths (Intel E5-2650 v3@3GHz Q2/2014):
• 512 bit RSA keys – 2 CPU hours (the cost of $0.06);
• 1024 bit RSA keys – 97 CPU days (the cost of $40-$80); 
• 2048 bit RSA keys – 140.8 CPU years, (the cost of $20,000 – $40,000).

Infineon officials said a 2048 bit key can be cracked within one month using 600 CPUs.

“The private key can be misused for impersonation of a legitimate owner, decryption of sensitive messages, forgery of signatures (such as for software releases) and other related attacks,” researchers said.

“The actual impact of the vulnerability depends on the usage scenario, availability of the public keys and the lengths of keys used. We found and analyzed vulnerable keys in various domains including electronic citizen documents, authentication tokens, trusted boot devices, software package signing, TLS/HTTPS keys and PGP. The currently confirmed number of vulnerable keys found is about 760,000 but possibly up to two to three magnitudes more are vulnerable,” they added.

The vulnerability was discovered at the end of January and it was reported to Infineon in February. The company has been working with affected hardware OEMs and PC manufacturers to address the problem.

Infineon released a firmware update that patches the vulnerability, and Microsoft, Google, HP, Lenovo and Fujitsu released security advisories to alert customers.

Microsoft, which said it had not been aware of any ongoing attacks, released Windows security updates.

The software giant also said TPM firmware updates also need to be installed and previously created keys should be reissued.

HP released updates for notebooks, mobile workstations, thin clients, commercial desktops, retail systems, and workstation desktops. The list of affected models includes Chromebook, Elite, EliteBook, mt and t thin clients, Pro, ProBook, Stream, ZBook, ZHAN, 260 G1/G2, 280 G1/G2, 406 G1/G2, Elite Slice, EliteDesk, EliteOne, ElitePOS, MP9, ProDesk, ProOne, RP9, Z workstations, Envy, Spectre, and OMEN X.

Lenovo said its products are not affected by the flaw. However, the list of impacted devices includes various ThinkCentre, ThinkPad and ThinkStation models.

Google said Chrome OS relies on TPM-generated RSA keys for several features, including to slow down brute-force attacks, for hardware backed encryption keys and certificates, and the certification process for Verified Access.

Fujitsu released tools to fix the weakness in OEM mainboards, ESPRIMO desktop PCs, FUTRO thin clients, CELSIUS workstations, LIFEBOOK notebooks, STYLISTIC tablets, and PRIMERGY servers.

Leave a Reply

You must be logged in to post a comment.