back to article Never mind the WPA2 drama... Details emerge of TPM key cockup that hits tonnes of devices

RSA keys produced by smartcards, security tokens, laptops, and other devices using cryptography chips made by Infineon Technologies are weak and crackable – and should be regenerated with stronger algorithms. In short, Infineon TPMs – aka trusted platform modules – are used in countless computers and gadgets to generate RSA …

  1. Anonymous Coward
    Anonymous Coward

    From Wikipedia

    "Infineon Technologies AG is a German semiconductor manufacturer founded on 1 April 1999"

    Joke's on us then

    1. Mark 65

      Re: From Wikipedia

      The article mentions a bug but in a post-Snowden World was it incompetence or intent? I mean, the NSA have foisted one flawed encryption mechanism on us (Elliptical Key weakness) and have been observed trying with a new one but got called out on it. Snowden's releases showed that they have form paying for flaws to be inserted in systems, so why not?

  2. a_yank_lurker

    Maybe

    When Apple and ferals were going toe to toe a couple of years back and then ferals said they had a way in. I wonder if it is related to this, crackable keys because of poorly written security code Apple (and apparently many others) was using.

    1. phuzz Silver badge
      Thumb Down

      Re: Maybe

      No, this problem doesn't have anything to do with Apple. This is a flaw with how encryption keys are generated on very low power devices such as smart cards.

  3. Anonymous Coward
    Anonymous Coward

    Lovely!

    This means I can now bypass SecureBoot and be able to own my computer.

    1. Anonymous Coward
      Anonymous Coward

      Re: Lovely!

      Yes, you and many others...

  4. Joerg

    All crypto systems are flawed to allow for backdoors...

    All crypto systems are flawed to allow for backdoors... just as simple as that. All the official "secure" crypto systems are flawed by design on purpose. Backdoors are needed by secret agencies and so the crypto systems must be flawed.

    What would happen if there were hundreds or thousands of unknown custom crypto algorithms in place? Officially on books they tell people that hiding the crypto algorithms is not going to increase security and other nonsense babbling like that... far from the truth .. but that ensures that almost everyone would follow rules and use known crypto systems by making them think that a custom design would be easier to crack.

    1. Anonymous Coward
      Anonymous Coward

      Re: All crypto systems are flawed to allow for backdoors...

      I'm compliant with that as I've engraved my root password onto a metal plate nailed to the bottom edge of my back door, and nobody would look for that, right?

      (sneaky as I am it's engraved reversed ha ha ha hoo! totally secure!)

      1. DropBear
        Trollface

        Re: All crypto systems are flawed to allow for backdoors...

        "sneaky as I am it's engraved reversed ha ha ha hoo! totally secure!"

        Bad news: you unwittingly weakened your own security, considering that in the mirror one would presumably be most likely to use to read a plate on the bottom edge of something, your reversed text would actually read naturally de-reversed. See, this is why rolling your own crypto is always a bad idea...

  5. John Smith 19 Gold badge
    FAIL

    Proving once again a) Crypto is tough b) Security by obscurity is f**king useless

    Good to know someone is still pushing the boundaries and calling out mfg's for lame implementations.

    Fail for the mfg. Win for the testers.

    1. Adam 52 Silver badge

      Re: Proving once again a) Crypto is tough b) Security by obscurity is f**king useless

      Proves absolutely nothing about security by obscurity. Even if this had been a fully open platform it'd still have been vulnerable. May (or may not) have been easier to find, we don't know, but irrelevant unless anyone's looking.

  6. fobobob

    Cough.. clipper.. cough *hack* wheeze...

    Oh wait, this was more likely just run-of-the mill incompetence.

  7. Nolveys
    Paris Hilton

    Ignorance is bliss, so why do I drink so much?

    I've heard of "TPM", but never really looked into it. According to the Wikipedia page it's primarily for ensuring that software/hardware hasn't been tampered with. I found this long list of (all?) HP products that are effected by this:

    https://support.hp.com/si-en/document/c05792935

    So there is a *lot* of stuff out there with these chips.

    However, I have to wonder what there is of importance that actually uses this stuff. Under Linux there's a "TrouSerS" library that seems to be the way that most people access TPM, including libengine-tpm-openssl, by which you can generate keys via OpenSSL using TPM. However, it doesn't seem to be generally used. I also found someone who managed to get OpenSSH to use TPM, but again, this does not seem to be common.

    My understanding was that RSA keys for certificates, ssh keys and things I generally care about are generated using the normal processor rather than special hardware.

    A quick look makes it seem that none of the stuff I use (and care about) will be effected, but that's based on a whole 5 minutes of half-arsed research. Can anyone shed some light on the applicability of this vulnerability?

    1. Lee D Silver badge

      Re: Ignorance is bliss, so why do I drink so much?

      Good luck buying a machine nowadays without a TPM.

      Most places will let you turn it off, but sometimes "Secure Boot" is a necessity, especially for odd devices (e.g. Windows tablets, Chromebooks, etc.) and TPM is a part of that.

      It's a chip that holds a keystore. The keys can be plugged into it. They can be used to encrypt and decrypt. But the key doesn't come back out (I'm pretty sure nobody's managed that yet, certainly not a cheap/easy/guaranteed way). It's basically what smartcards are - you know they have a key, you know they have the private part of it (because they can encrypt and decrypt) but you can't extract the private part of the key itself once it's on there.

      The OpenSSL stuff is just using the TPM as a keystore. It has nothing to do with usage of the TPM by, for example, a Microsoft key signing a Microsoft bootloader. P.S. even modern Linux distros have to have a Microsoft-signed bootloader to boot on UEFI / Secure Boot systems. In theory you can add third-party keys, but the UEFI BIOS rarely actually expose the option to the end-user.

      Modern Windows can even put things like the equivalent of Windows product keys into the TPM (not quite, but almost) - so that the machine is licensed without needing the user to type anything. BIOS-locking done at the factory, basically. It also means that if you move your Windows install to a different board / chip / BIOS / machine it likely will de-activate itself.

      The generation of those keys, however, is a concern and it very much depends on whether they were made by the machine itself, by the TPM chip in the machine, or by the manufacturer. Also, as per your OpenSSL example, there is room on the chip to use it for DRM for software manufacturers or yourself. Thus, some people will now have TPM keys that aren't as secure as they believed.

      It's not infeasible that such an attack will hurt BIOS-locking manufacturers (including people like Google who use the TPM on their Chromebooks), software DRM schemes for the most expensive software, Bitlocker (eek!) and activation keys on Windows, etc.

      The TPM chips now do everything from random number generation to the full encryption/decryption of the data stream, potentially from boot-up to shutdown.

      And just about every machine now has one to the point that they are incredibly difficult to avoid. Your smartphone probably has one. As does your tablet. And so will your PC if it's been made in the UEFI era (even legacy BIOSs are becoming rarer now, but they often appear as a set of "UEFI Only / UEFI and Legacy" options so the UEFI/TPM/etc. stuff is often still present but unused for boot-integrity (Secure Boot) unless you make the machine do something like Bitlocker).

      This is a big ouch, which is why some manufacturers are running around re-building their TPM keys at the moment.

  8. Mikel

    All your base are belong to us.

    >Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin." - John Von Neumann

    Current state of trust: not trusted. As it should have been all along.

    Between the two it's an all-hours data buffet in hacker land. Now add in the Intel AMT hack, and various others. I assure you that state actors have had access to this stuff for years and now the kids get to play.

    You need precisely one compromised device on the corporate network and you own the whole thing. Your medical records? For sale. Your ballot box too. It isn't a question of whether the data is hacked but who first, how many and how often.

    So glad I got out of the biz. It's a mess.

  9. Anonymous Coward
    Anonymous Coward

    Besides state backed hackers, who else has the funds to pursue this kind of attack?

    Phishing attacks seem a lot more cost effective... the stupidity of the end user is a slam dunk numbers game.

    1. Mikel

      Besides state actors, who has the resources?

      It's a kit. The kid next door is working on it between his online school assignments.

    2. Anonymous Coward
      Anonymous Coward

      who else has the funds to pursue this kind of attack?

      $40-60k is easily within the "investment" budget for organised crime.

      Their main problem is how to convert the attack into some form of blockchain currency or cash, but some form of attack on banks, money transfer operators, or corporate treasury departments would seem the obvious way. That requires diverting money transfers to different destinations, making fraudulent transfers directly, or nobbling the commercial systems to grant loans that will then be cashed out, never to be seen again.

      1. Adrian 4

        How much computing power is available to botnets ?

        Your own video player might be calculating your private keys at this moment.

  10. Starace
    Devil

    'Bug'

    It's not a bug, it's a feature.

  11. Anonymous Coward
    Black Helicopters

    All IT is hackable

    In other words, all IT is hackable because humans designed it with a flaw, or else were incompetent or lazy in implementing something that should have been secure.

  12. Pu02

    Vendors like HP and CIsco have been distributing patches since the day this was publicly disclosed. It appears many other vendors are asleep at the wheel. I've just replaced some Asus hosts as they are yet to be updated. No mention of it on their sites or forums and no response to support requests, yet they even sold TPM modules w Infineon chips as a value add for their kit: The client tells me they will NEVER buy Asus again.

    Noone ever got sacked for buying IBM, but what about Asus?

    1. Anonymous Coward
      Anonymous Coward

      We raised a ticket with Asus about our web servers...

      Our HP boxes were patched on day one.

      Asus had no advice, and have responded to our support ticket, but are yet to patch the firmware in their TPM chips/motherboards. So we ended up having to remove them from production.

      If Asus don't sort their stuff out and send us a patch by the end of the month, they will all get thrown out.

      No wonder some people pay IBM (or in our case from now on, HP) ;-)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like