Microsoft, Google, HP, Lenovo and Fujitsu have warned customers of a potentially serious crypto-related vulnerability affecting some chips made by German semiconductor manufacturer Infineon Technologies.
TPM vulnerability allows attackers to obtain private RSA keys
The flaw, tracked as CVE-2017-15361, is related to the Trusted Platform Module (TPM), an international standard designed for protecting crypto processes within computing devices, and for securely storing encryption keys, passwords, certificates and other sensitive data. TPM has been implemented in some Infineon microcontrollers in an effort to secure hardware.
The problem is that RSA encryption keys generated by the TPM (e.g. for disk encryption purposes) can be cracked due to the use of a technique known as “Fast Prime.” This is an algorithm that helps accelerate the generation of RSA public and private key pairs.
The issue was discovered by a team of researchers from the Masaryk University in the Czech Republic, Enigma Bridge in the UK, and Ca’ Foscari University of Venice, Italy.
According to experts, the vulnerability allows an attacker who knows the public key to obtain the private RSA key. The attack can be carried out remotely and all keys generated by vulnerable chips are affected. Researchers said a 1024 bit RSA key can be cracked in 97 CPU days for a cost of $40-80 using an older Intel Xeon processor, and a 2048 bit key in 140 CPU years for a cost ranging between $20,000 and $40,000. Infineon estimated that a 2048 bit key can be cracked within one month using 600 CPUs.
“The private key can be misused for impersonation of a legitimate owner, decryption of sensitive messages, forgery of signatures (such as for software releases) and other related attacks,” researchers said.
“The actual impact of the vulnerability depends on the usage scenario, availability of the public keys and the lengths of keys used. We found and analyzed vulnerable keys in various domains including electronic citizen documents, authentication tokens, trusted boot devices, software package signing, TLS/HTTPS keys and PGP. The currently confirmed number of vulnerable keys found is about 760,000 but possibly up to two to three magnitudes more are vulnerable,” they added.
Full technical details will be released in early November at the ACM Conference on Computer and Communications Security (CCS).
Affected tech giants release advisories
The vulnerability was discovered at the end of January and it was reported to Infineon in February. The company has been working with affected hardware OEMs and PC manufacturers to address the problem.
Infineon has released a firmware update that patches the vulnerability, and Microsoft, Google, HP, Lenovo and Fujitsu have released security advisories to alert customers.
Microsoft, which said it had not been aware of any attacks in the wild, has released Windows security updates, but warned users that the TPM firmware updates also need to be installed and previously created keys should be reissued.
HP has released updates for many of its notebooks, mobile workstations, thin clients, commercial desktops, retail systems, and workstation desktops. The list of affected models includes Chromebook, Elite, EliteBook, mt and t thin clients, Pro, ProBook, Stream, ZBook, ZHAN, 260 G1/G2, 280 G1/G2, 406 G1/G2, Elite Slice, EliteDesk, EliteOne, ElitePOS, MP9, ProDesk, ProOne, RP9, Z workstations, Envy, Spectre, and OMEN X.
Lenovo said many of its products are not affected by the flaw. The list of impacted devices includes various ThinkCentre, ThinkPad and ThinkStation models.
Google has also shared a list of affected Chromebooks. The company said Chrome OS relies on TPM-generated RSA keys for several features, including to slow down brute-force attacks, for hardware backed encryption keys and certificates, and the certification process for Verified Access.
Fujitsu has released various tools to address the weakness in OEM mainboards, ESPRIMO desktop PCs, FUTRO thin clients, CELSIUS workstations, LIFEBOOK notebooks, STYLISTIC tablets, and PRIMERGY servers.
The WinMagic full disk encryption software is also affected, according to Infineon, but no advisory is available at the time of writing.
Related: Intel Warns of Critical Vulnerability in Processor Firmware
Related: Flawed BIOS Implementations Lead to Intel Boot Guard Bypass
Related: Multiple Vulnerabilities Found in Mobile Bootloaders
