Infineon’s RSA Vulnerability Reveals Seismic Fault Line in Cybersecurity

Recently, researchers at Masaryk University made a startling discovery when they uncovered a serious vulnerability in the cryptographic library used in security chips manufactured by Infineon since 2012.

These chips—used in TPMs, smart cards and other environments—are so common as to be practically ubiquitous. Potential consequences are just as far-reaching, placing people at greater risk of identity theft, decryption of confidential data, injection of malicious code into digital signed software, and bypassed protections that prevent accessing or tampering with stolen PC.

The vulnerability is especially problematic as it is located in code that complies with two security certification standards, NIST FIPS 140-2 and CC EAL5+, which are pervasive throughout the networks of many governments, contractors, and companies around the world. The paper, scheduled for publication in early November, is not yet available in its entirety, but its title reveals that the RSA key generation of these chips is particularly vulnerable to a form of Coppersmith’s attack.

More specific details about the potential for attack will be presented at the ACM Conference on Computer and Communications Security (CCS) on October 30, but the flaw has already having significant impact on many applications and systems.

The Vulnerability  Found In Infineon's Chips Has Already Had A Widespread Effect

On August 30, researchers alerted officials in Estonia that 750,000 government identify cards, issued since October 2014, might be compromised. These cards—used for online authentication, digital contracts, business, access to government services and more—are more common and more significant than driver’s licenses. The vulnerability makes identity theft possible without the need to have physical access to the card itself, since only the public key is required. As a result, Estonian officials have announced that they would shut down the public key database.

Also impacted are Trusted Platform Modules that have become standard to ensure system integrity and protection. A TPM is the standard cryptographic chip built into computers to store sensitive information like encryption keys. Storing this information on a chip is usually significantly safer than relying on software, which is easier to compromise. (Though it is important to note that not all vendors use chips from Infineon.)

In an interview with arsTechnica, the researchers revealed that they examined a sampling of 41 different laptop models that use TPMs. About 25 percent used Infineon's vulnerable chip. The vulnerability is especially critical for TPM version 1.2, because Microsoft's BitLocker is affected —greatly increasing the potential for hackers and threat actors to access protected, confidential data on stolen or lost laptops. Beside BitLocker, TPMs are critical for other security features in Microsoft’s Windows and administrators are urged to take mitigation actions.

Since RSA has become a critical part of the foundation of internet security, these examples could prove to be the very tip of the iceberg.

In the same interview, the researchers further mentioned that they scanned the Internet for fingerprinted keys and quickly found hits in a variety of interesting places. They discovered vulnerable keys in certificates used for Transport Layer Security. (Interestingly, many contain the string “SCADA” in the common name field.)

This raises the possibility that vulnerable keys are used in SCADA systems which usually control the industrial equipment that is used in critical infrastructure. The Department of Homeland Security identifies 16 different critical infrastructure sectors—including chemical, communications, energy, financial services, food and agriculture, water systems and nuclear reactors.

The researchers went on to test PGP keys used for email encryption. Out of nearly 2900 tested, more than 950 were affected—the majority generated by the Yubikey 4, a product by Yubico which is using the vulnerable chip. Furthermore, they found 447 fingerprinted keys on the internet used to sign GitHub submissions. More than half (237) showed the vulnerability. GitHub has since been notified of the fingerprinted keys and is in the process of getting users to change them.

As disconcerting as these findings alone may be, they represent merely a sample of vulnerable keys. It is estimated that there are a significantly more out there.

So how likely is an attack?

That depends on a range of factors. One has to look at the individual use case to have clarity about the effects. What makes this vulnerability so severe, though, is the fact that an attacker only needs the public key and does not require access to the hardware. Once an attacker has access to the public key, the expense and effort required to get the private key depends on the actual key size. However, to spare time and cost, attackers can first test a public key to see if it is vulnerable to the attack. This test is inexpensive and requires less than 1 millisecond. This allows attackers to focus their effort only on keys which are actually factorable.

To determine the vulnerability of specific RSA keys, the research team has built a website which allows you to test a public key. (Additional information from the researchers can be found here.)

As dire and alarming as these findings are, they could reveal a benefit in the form of a wake-up call that is long overdue. While the findings are breaking news, the vulnerability has been around for years. In a world where digital transcends all borders, we are all impacted by these vulnerabilities.

For many individuals and organizations alike, cryptography is the most significant source of security that they have never heard of before now. As our lives, both personal and professional, have become intrinsically intertwined with digital and online activity, cryptography has become a critical, though invisible and often unconsidered, part of securing our daily lives and activity.

Though the imperative is clear, for many, the next steps may seem daunting. They shouldn’t. Though cryptographic algorithms are deeply embedded and widely deployed across systems, there are ways to identify them. Mitigating significant damage begins with finding out who and what systems are at risk. Once the vulnerable systems are identified, it is then possible to replace them with secure ones.

Make no mistake though: The time to identify those at risk is now. There is a reason why the researchers informed Infineon and others months ago. Addressing these challenges takes time and until they are, many systems are vulnerable.

The discovery of this massive fault line in digital security must inspire us to change how we design security systems, and to move quickly towards cryptographic agility. Systems must be able to easily adapt to changes in the cryptographic core. Once they are and we are also aware of what algorithms are used and where, such issues could be fixable with just the push of a button.