Researchers Say Faulty Code Jeopardizes Encryption KeysMajor Manufacturers Have Patched to Prevent 'ROCA' Attack
Researchers say they've identified faulty cryptographic code in microchips made since 2012 by Infineon Technologies, posing risks to government-issued smartcards, consumer laptops, authentication tokens and more.
The weakness, CVE-2017-15361, could potentially allow attackers to calculate a private encryption key based on the public key. The error is egregious because public key cryptography is designed to ensure this exact scenario doesn't happen, according to researchers at the the Centre for Research on Cryptography and Security at Masaryk University in the Czech Republic; Enigma Bridge, a U.K. company, and Ca' Foscari University in Venice, Italy.
The discovery affects a wide range of processes where cryptography is used, including software signing, TLS/SSL, PGP and even ID cards issued by Estonia. It has been nicknamed ROCA, an abbreviation of "Return of Coppersmith's Attack," part of the title of the researchers' academic paper.
The vulnerability is in an algorithm that generates prime numbers necessary for creating a pair of RSA encryption keys, according to the researchers.
The research team says more details will be released at the ACM Conference on Computer and Communications Security conference in Dallas, which starts Oct. 30.
It doesn't appear that the error was intentional as if to give spy agencies such as the NSA an edge in electronic surveillance. The error is "not a backdoor," writes Matthew Green, a cryptographer and professor at Johns Hopkins University, on Twitter. "It's just stupid."
The impact could be vast, the researchers say. So far, 760,000 vulnerable RSA public keys have been discovered, "but possibly up to two to three magnitudes more are vulnerable," they write.
"The vulnerable chips are pervasive and not necessarily sold directly by Infineon Technologies AG, as the chips can be embedded inside devices of other manufacturers," they write in an advisory.
Other experts echoed the fear that the impact could be widespread.
"The Infineon RSA vulnerability (#ROCA) must be followed up carefully," writes Kauto Huopio, chief specialist with Finland's National Cyber Security Centre. "It could be potentially much, much more than Estonian ID cards."
To make matters worse, attackers do not need access to a physical device. They merely need the public key and then the ability to intercept traffic encrypted with the vulnerable key pair.
The vulnerability was discovered in January, and Infineon was informed in February. The company released a firmware patch on Oct. 10. That patch fixes chips inside its Trusted Platform Module, a type of controller that is used to store highly sensitive information such as passwords, certificates and encryption keys.
Many manufacturers use Infineon's TPM chips, including HP, Lenovo, Fujitsu, Microsoft and Google. All have released patches.
One of the most affected entities is the Estonian government, which has issued 750,000 ID cards, residence permits and digital IDs created since October 2014 with the faulty software. It has launched a program to update the software on the cards.
Public and private encryption keys are multiples of very large prime numbers. The vulnerability could allow an attacker to "factor" a public encryption key, breaking it down into those prime numbers. That information could then used to calculate the private key. The researchers haven't released their factoring method due to the ongoing risks.
Key length does matter, however, because it increases the amount of time and computing power required to factor a key. But the researchers say the attack will practically work against keys that are less than 2,048 bits.
"The worst-case price of the factorization on an Amazon c4 computation instance is $76 for the 1,024-bit key and about $40,000 for the 2,048-bit key," they write. A key length of 4,096 bits is "not practically factorizable now, but may become so if the attack is improved," they add.
Although the algorithmic weakness isn't described, it's not dependent on a problematic pseudo random number generator, the researchers say. PRNGs are crucial for encryption and have been one target for corruption by spy agencies.
In December 2013, Reuters reported that U.S. security firm RSA received $10 million from the NSA to use an intentionally flawed formula in its encryption software. The formula generated random numbers, but the flaws gave the NSA a secret backdoor for cracking encryption.
How to Take Action
The researchers say that because the vulnerability exists in the "on-chip software library" and isn't restricted to a specific group of products, the only way to figure out if there's a risk is to test the RSA keys that are created by devices.
Fortunately, that's easy, and the researchers have created a web service where keys can be tested.
"It is recommended to test also the keys already in use," they write. "We believe the tools are very accurate. It is highly unlikely that a secure key would be flagged, as well as that a vulnerable key would be missed."
The other important action is to apply software patches. If patches aren't available, "replace the device with one without the vulnerable library," they write.