Researchers have discovered a serious vulnerability in Infineon Trusted Platform Module (TPM) cryptographic processors used to secure encryption keys in many PCs, laptops, Chromebooks and smartcards.
An early warning something might be up emerged on 30 August 2017 when the Estonian Information System Authority (RIA) issued an alert about a “theoretical” problem affecting 750,000 national ID cards issued after October 2014.
The RIA didn’t go into detail but the fact that cancelling the country’s national elections was floated had security people worried.
Last week we got confirmation from Infineon that the problem was serious enough to demand firmware updates from computer vendors, including HP, Fujitsu, Lenovo, Acer, Asus, LG, Samsung and Toshiba.
In cryptographic terms, this one’s a biggie: a flaw in the way the public key encryption key pair is generated makes it possible for an attacker to work out private 1024-bit and 2048-bit RSA keys stored on the TPM simply by having access to the public key.
According to the researchers, a factorisation attack based on the “Coppersmith” method on a 512-bit key could at worst be achieved on Amazon Web Services (AWS) in 2 CPU hours at a cost of fractions of a cent, on a 1024-bit key in 97 CPU days for $40-$80, and on 2048-bit in 140.8 CPU years for $20,000-$40,000.
That probably still puts attacks against 2048-bit keys out of the range of all but the most serious attackers. 1024-bit keys have also been regarded as too weak for some time – security strength guidelines published by the US National Institute of Standards and Technology (NIST) has graded 1024-bit RSA keys “disallowed” since the start of 2013.
Explained the researchers, who will present more information at this month’s ACM CCS conference:
The currently confirmed number of vulnerable keys found is about 760,000 but possibly up to two to three magnitudes more are vulnerable.
Do Trusted Platform Modules matter?
First introduced in 2009, a TPM is a cryptographic chip standard built on to the motherboard of many (but by no means all) PCs and laptops as a secure place to store system passwords, certificates, encryption keys and even biometric data.
The principle is simple: storing keys inside the TPM is a lot better than keeping them on the hard drive or letting them be managed by the operating system, both of which can be compromised.
Microsoft’s BitLocker uses a TPM. They can also be used for authentication (checking a PC is the one it claims to be) and attestation (that a system’s boot image hasn’t been tampered with), for example on Google’s Chromebooks.
The vulnerability was first reported to Infineon in February this year, but the headache now is working out which devices are (or are not) affected.
Many computers, especially older ones, don’t have TPMs and others use chips from vendors other than Infineon.
Windows users can check for the presence of a TPM by typing Win+R to open Run followed by the command tpm.msc (if one is not present you’ll see a message stating this), with the manufacturer code stated at the bottom of the dialogue box. This interface can also be used to regenerate keys, which might be necessary at some point.
Beyond that, the best place to start assessing the flaw’s impact is on the website of the affected vendor and Microsoft’s help page.
According to the latter, what is now designated CVE-2017-15361 was given a “workaround” update in last week’s monthly Windows patch update, which should be applied before any firmware update from the TPM maker.
And it’s not just PCs: a labyrinth of other devices could also be caught up in the issue, for example around 2% of YubiKey hardware tokens. Likewise, Google Chromebooks, almost all of which seem to use Infineon’s TPM but will, thankfully, update automatically without user intervention.
Sophos products that manage BitLocker encryption on affected hardware may be impacted. Sophos customers should check Knowledge Base article 127650 for information.
Customers who use smartcards to authenticate to Sophos SafeGuard products should check Knowledge Base article 127704 for information.
zengator
WRT tpm.msc:
1 – This needs to be run with elevated (admin) permissions. If you can simply win+R => tpm.msc and not get a message similar to “You don’t have permission to open the TPM console,” then you are browsing the web while logged into your computer as an Administrator of your computer, and this is a far bigger problem than whether your TPM is vulnerable to the attack described here.
2 – The manufacturer code for Infineon is “IFX”. For Intel: “INTC”.
John E Dunn
The article wasn’t advocating running in admin mode by default!. You’re correct that tpm.msc requires admin privileges although the same can be achieved in standard mode by running devmgmt.msc.
Eirik Schølseth
“According to the researchers, a factorisation attack based on the “Coppersmith” method on a 512-bit key could at worst be achieved on Amazon Web Services (AWS) in 2 CPU hours at a cost of fractions of a cent, on a 1024-bit key in 97 CPU hours for $40-$80, and on 2048-bit in 140.8 CPU hours for $20,000-$40,000.”
You have your times way off. It is hours, days, years.. Not hours times 3. The scaling is not correct if you look at 512 -> 1024 -> 2048.. How would decrypting a 2048-bit encryption only take marginally longer than 1024? And the same with 512 to 1024.. Also 140 CPU hours does not cost 20-40 k USD.
Taken from the source:
The time complexity and cost for the selected key lengths (Intel E5-2650 v3@3GHz Q2/2014):
512 bit RSA keys – 2 CPU hours (the cost of $0.06);
1024 bit RSA keys – 97 CPU days (the cost of $40-$80);
2048 bit RSA keys – 140.8 CPU years, (the cost of $20,000 – $40,000).
Mark Stockley
You are correct, we have amended the article, thanks.
John E Dunn
Ouch – my bad. Many thanks for pointing this out.