The ROCA Attack delivers private RSA keys from the TPM to attackers

von , am


We prefer to report about nice new features but this month seems to be the big infosec month. After KRACK, here comes another one for all the SysAdmins among our readers:

This time it is about the popular Trusted Platform Module (TPM) from Infineon Technologies or, to be more precise, the program code for generating an RSA key pair. The TPM is used for cryptographic operations and is used, for example, for disk encryption on servers, PCs and notebooks.

The vulnerability behind the attack called ROCA (Return of Coppersmith's Attack) (CVE-2017-15361) allows the private key (which is required to decrypt the stored information) to be reconstructed using the public key.

Long storry short: Data previously thought to be securely encrypted can be made readable by unauthorized persons.

The attack itself is not new and was discovered 5 years ago by security researchers at Masaryk University in the Czech Republic.

The vulnerability is present in TPM chips back to 2012 and is applicable to RSA keys with 1024 and 2048 bits, which are the most common key lengths.

This was announced confidentially to Infineon Technologies in February of this year. However, full publication will not be released until November 2 at the ACM (Conference on Computer and Communications Security) to allow manufacturers sufficient time for patches.

A large part of the systems manufactured by HP, Lenovo and Fujitsu with TPM chip are affected by this. Most manufacturers have now released software updates and troubleshooting instructions:

Fujitsu: http://support.ts.fujitsu.com/content/InfineonTPM.asp

Google: https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update

HP: https://support.hp.com/si-en/document/c05792935

Infineon: https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160

Lenovo: https://support.lenovo.com/in/en/product_security/len-15552

Microsoft: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012

We advise you to update affected devices immediately. A rough description and tools for checking your systems are available at https://crocs.fi.muni.cz/public/papers/rsa_ccs17.


Wir freuen uns über Kommentare: