|Sources:||CRoCS wiki, Bleepingcomputer|
The encrypting chip from Infineon Technologies AG, widely used in Acer, Asus, Fujitsu, HP, Lenovo, LG, Samsung, Toshiba and Chromebooks, has a highly critical vulnerability. Attackers that get a hold of machines with the TPM chip will be able to easily decrypt the machine and the associated keys.
The encryption chips are also integrated into a variety of authentication, signature and encryption solutions, but also in trusted boot for operating systems. The vulnerability has been detected in NIST FIPS 140-2 and CC EAL 5+ certified devices since every fall of 2012. No physical access to the vulnerable machine is needed, only the public key is required to exploit vulnerability. The vulnerability also does not depend on a weak key – all RSA keys generated by the affected chips are affected. Keys based on 1024 and 2048 bits have been tested and verified broken.
The specific build-up of the keys makes it possible to quickly detect vulnerable keys, even in large databases. This makes it easier for users to find the appropriate keys, but it also makes the job easier for attackers.
There are published tools to determine if you or your company have vulnerable keys, both online and offline:
Offline testers: Python / Java / C ++ applications and guides (https://github.com/crocs-muni/roca).
Online testers: Upload your public key to: https://keychest.net/roca or https://keytester.cryptosense.com to test this.
MIME / PGP Tester: Send a signed email to firstname.lastname@example.org to receive an automated email response with an analysis of your signed key.
Name of vulnerability
CVE-2017 to 15,361
Cyberon Security comes with the following recommendations:
- Check with your hardware vendor for firmware updates for their machines.
- Microsoft has a page dedicated to where you can download updates for the different vendors and how to seal vulnerabilities in different Windows roles:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012
- Google also has a firmware and fix page:https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update
Read more about vulnerability here
Please contact us for further assistance on this alert.