SoylentNews is people

posted by takyon on Wednesday October 18 2017, @12:00PM
from the really-secure-amirite? dept.

A flawed Infineon Technology chipset used on PC motherboards to securely store passwords, certificates and encryption keys risks undermining the security of government and corporate computers protected by RSA encryption keys. In a nutshell, the bug makes it possible for an attacker to calculate a private key just by having a target's public key.

Security experts say the bug has been present since 2012 and is found specifically in Infineon's Trusted Platform Module, used on a large number of business-class HP, Lenovo and Fujitsu computers, Google Chromebooks, as well as routers and IoT devices.

The vulnerability allows for a remote attacker to compute an RSA private key from the value of a public key. The private key can then be misused for purposes of impersonation of a legitimate owner, decryption of sensitive messages, forgery of signatures (such as for software releases) and other related attacks, according to researchers.

The Infineon flaw is tied to a faulty design of Infineon's Trusted Platform Module (TPM), a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices and used for secured crypto processes.

Source: https://threatpost.com/factorization-flaw-in-tpm-chips-makes-attacks-on-rsa-private-keys-feasible/128474/


This discussion has been archived. No new comments can be posted.
  • (Score: 1, Interesting) by Anonymous Coward on Wednesday October 18 2017, @11:08PM (1 child)

    by Anonymous Coward on Wednesday October 18 2017, @11:08PM (#584232)

    I have used an X-Acto knife. Fortunately, in the systems that happened to, the OS merely reports an error that the TPM isn't functioning properly, maybe let an administrator know.

    I do not expect that to fly in a corporate environment, nor a permissive attitude towards knife wielding.

  • (Score: 2) by takyon on Thursday October 19 2017, @02:35AM

    by takyon (881) on Thursday October 19 2017, @02:35AM (#584338)

    If your corporate environment doesn't consider removal of TPM to be a security enhancement, that is their business unless it is your job to convince them otherwise.

    --
    [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]