ROCA

The encrypting chip from Infineon Technologies AG, widely used in Acer, Asus, Fujitsu, HP, Lenovo, LG, Samsung, Toshiba and Chromebooks, has a highly critical vulnerability. Attackers that get a hold of machines with the TPM chip will be able to easily decrypt the machine and the associated keys.
Severity: Critical
Dispersion:
Operating System: IOT
Category: Vulnerabilities
Sources: CRoCS wiki, Bleepingcomputer

From Alert
The encrypting chip from Infineon Technologies AG, widely used in Acer, Asus, Fujitsu, HP, Lenovo, LG, Samsung, Toshiba and Chromebooks, has a highly critical vulnerability. Attackers that get a hold of machines with the TPM chip will be able to easily decrypt the machine and the associated keys.

 

Description

The encryption chips are also integrated into a variety of authentication, signature and encryption solutions, but also in trusted boot for operating systems. The vulnerability has been detected in NIST FIPS 140-2 and CC EAL 5+ certified devices since every fall of 2012. No physical access to the vulnerable machine is needed, only the public key is required to exploit vulnerability. The vulnerability also does not depend on a weak key – all RSA keys generated by the affected chips are affected. Keys based on 1024 and 2048 bits have been tested and verified broken.

The specific build-up of the keys makes it possible to quickly detect vulnerable keys, even in large databases. This makes it easier for users to find the appropriate keys, but it also makes the job easier for attackers.

 

Tools

There are published tools to determine if you or your company have vulnerable keys, both online and offline:

Offline testers: Python / Java / C ++ applications and guides (https://github.com/crocs-muni/roca).
Online testers: Upload your public key to: https://keychest.net/roca or https://keytester.cryptosense.com to test this.
MIME / PGP Tester: Send a signed email to roca@keychest.net to receive an automated email response with an analysis of your signed key.

 

Name of vulnerability

CVE-2017 to 15,361

Cyberon Security comes with the following recommendations:

  • Check with your hardware vendor for firmware updates for their machines.
  • Microsoft has a page dedicated to where you can download updates for the different vendors and how to seal vulnerabilities in different Windows roles:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012
  • Google also has a firmware and fix page:https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update

Read more about vulnerability here

  • https://crocs.fi.muni.cz/public/papers/rsa_ccs17
  • https://www.bleepingcomputer.com/news/security/tpm-chipsets-generate-insecure-rsa-keys-multiple-vendors-affected/

Please contact us for further assistance on this alert.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: