Encryption chip flaw afflicts huge number of computers

Researchers have discovered a serious vulnerability in Infineon Trusted Platform Module (TPM) cryptographic processors used to secure encryption keys in many PCs, laptops, Chromebooks and smartcards.

An early warning something might be up emerged on 30 August 2017 when the Estonian Information System Authority (RIA) issued an alert about a “theoretical” problem affecting 750,000 national ID cards issued after October 2014.

The RIA didn’t go into detail but the fact that cancelling the country’s national elections was floated had security people worried.

Last week we got confirmation from Infineon that the problem was serious enough to demand firmware updates from computer vendors, including HP, Fujitsu, Lenovo, Acer, Asus, LG, Samsung and Toshiba.

In cryptographic terms, this one’s a biggie: a flaw in the way the public key encryption key pair is generated makes it possible for an attacker to work out private 1024-bit and 2048-bit RSA keys stored on the TPM simply by having access to the public key.

According to the researchers, a factorisation attack based on the “Coppersmith” method on a 512-bit key could at worst be achieved on Amazon Web Services (AWS) in 2 CPU hours at a cost of fractions of a cent, on a 1024-bit key in 97 CPU days for $40-$80, and on 2048-bit in 140.8 CPU years for $20,000-$40,000.

That probably still puts attacks against 2048-bit keys out of the range of all but the most serious attackers. 1024-bit keys have also been regarded as too weak for some time – security strength guidelines published by the US National Institute of Standards and Technology (NIST) has graded 1024-bit RSA keys “disallowed” since the start of 2013.

Explained the researchers, who will present more information at this month’s ACM CCS conference:

The currently confirmed number of vulnerable keys found is about 760,000 but possibly up to two to three magnitudes more are vulnerable.

Do Trusted Platform Modules matter?

First introduced in 2009, a TPM is a cryptographic chip standard built on to the motherboard of many (but by no means all) PCs and laptops as a secure place to store system passwords, certificates, encryption keys and even biometric data.

The principle is simple: storing keys inside the TPM is a lot better than keeping them on the hard drive or letting them be managed by the operating system, both of which can be compromised.

Microsoft’s BitLocker uses a TPM. They can also be used for authentication (checking a PC is the one it claims to be) and attestation (that a system’s boot image hasn’t been tampered with), for example on Google’s Chromebooks.

The vulnerability was first reported to Infineon in February this year, but the headache now is working out which devices are (or are not) affected.

Many computers, especially older ones, don’t have TPMs and others use chips from vendors other than Infineon.

Windows users can check for the presence of a TPM by typing Win+R to open Run followed by the command tpm.msc (if one is not present you’ll see a message stating this), with the manufacturer code stated at the bottom of the dialogue box. This interface can also be used to regenerate keys, which might be necessary at some point.

Beyond that, the best place to start assessing the flaw’s impact is on the website of the affected vendor and Microsoft’s help page.

According to the latter, what is now designated CVE-2017-15361 was given a “workaround” update in last week’s monthly Windows patch update, which should be applied before any firmware update from the TPM maker.

And it’s not just PCs: a labyrinth of other devices could also be caught up in the issue, for example around 2% of YubiKey hardware tokens. Likewise, Google Chromebooks, almost all of which seem to use Infineon’s TPM but will, thankfully, update automatically without user intervention.

Sophos products that manage BitLocker encryption on affected hardware may be impacted. Sophos customers should check Knowledge Base article 127650 for information.

Customers who use smartcards to authenticate to Sophos SafeGuard products should check Knowledge Base article 127704 for information.