Researchers have found a serious vulnerability in a commonly used cryptographic library, compromising the security of potentially millions of RSA encryption keys used to protect a wide range of laptops, smart cards and embedded devices.
'ROCA' (Return of Coppersmith’s Attack) was revealed this week by researchers from the Czech Republic, UK and Italy.
The newly discovered vulnerability (CVE-2017-15361) was found in the implementation of RSA keypair generation in a cryptographic library used in chips produced by Infineon Technologies, featuring the Trusted Platform Module (TPM) microcontroller.
Unfortunately, it’s in a wide range of products dating back as far as 2012.
A detailed note explaining the attack had the following:
“Only the knowledge of a public key is necessary and no physical access to the vulnerable device is required. The vulnerability does NOT depend on a weak or a faulty random number generator – all RSA keys generated by a vulnerable chip are impacted. The attack was practically verified for several randomly selected 1024-bit RSA keys and for several selected 2048-bit keys.”
The bug makes it possible for attackers to use a targeted public RSA key to compute the private part of that key, known as a 'practical factorization attack'.
With the private key, they could decrypt sensitive messages, impersonate the legitimate key owner, forge signatures and other related attacks.
The good news is that, thanks to the eight-month disclosure period agreed with German chipmaker Infineon, many vendors including Fujitsu, Google, Microsoft, HP and Lenovo have had time to release updates and guidelines for mitigation.
However, the vulnerable keys are embedded in a wide range of products, from electronic citizen documents to authentication tokens, trusted boot devices, software package signing, TLS/HTTPS keys and PGP.
Around 760,000 vulnerable keys have been found so far but the researchers warned that “up to two to three magnitudes more” could be at risk.
The researchers urged organizations to first test to see if they are affected and then contact the affected vendor for help, applying a patch if there’s one available.