SoylentNews is people
posted by takyon on Wednesday October 18 2017, @12:00PM
from the really-secure-amirite? dept.

A flawed Infineon Technology chipset used on PC motherboards to securely store passwords, certificates and encryption keys risks undermining the security of government and corporate computers protected by RSA encryption keys. In a nutshell, the bug makes it possible for an attacker to calculate a private key just by having a target's public key.

Security experts say the bug has been present since 2012 and is found specifically in Infineon's Trusted Platform Module used on a large number of business-class HP, Lenovo and Fujitsu computers, Google Chromebooks as well as routers and IoT devices.

The vulnerability allows a remote attacker to compute an RSA private key from the value of a public key. The private key can then be misused for purposes of impersonation of a legitimate owner, decryption of sensitive messages, forgery of signatures (such as for software releases) and other related attacks, according to researchers.

The Infineon flaw is tied to a faulty design of Infineon's Trusted Platform Module (TPM), a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices and used for secured crypto processes.

Source: https://threatpost.com/factorization-flaw-in-tpm-chips-makes-attacks-on-rsa-private-keys-feasible/128474/


  • (Score: 5, Insightful) by crafoo on Wednesday October 18 2017, @12:44PM (9 children)

    by crafoo (6639) on Wednesday October 18 2017, @12:44PM (#583903)

    Even the name should make you immediately skeptical: "Trusted Platform Module". Really? Trusted by whom, exactly? Certainly not me because I cannot verify what is inside.

    • (Score: 4, Insightful) by KiloByte on Wednesday October 18 2017, @12:59PM

      by KiloByte (375) on Wednesday October 18 2017, @12:59PM (#583908)

      This is correct, but not in the common sense of the word. In security speak, "trusted" means "authorized to break your security".

      The word you're looking for is "trustworthy". Which also tends to be abused in marketing materials these days.

      --
      Ceterum censeo systemd esse delendam.
    • (Score: 2) by DannyB on Wednesday October 18 2017, @01:26PM (4 children)

      by DannyB (5839) Subscriber Badge on Wednesday October 18 2017, @01:26PM (#583921) Journal

      Even the name should make you immediately skeptical: "Trusted Platform Module". Really?

      The name does make me immediately skeptical: "Trump Platform Module" Really?

      Trusted by whom, exactly?

      How can I expect a TPM to be working in my best interest?

      It does things I neither wanted nor asked for. While I cannot verify what is on the inside of a TPM, I can see the results of having it installed and operational, without a means of overriding it or shutting it down in the BIOS.

      --
      To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
      • (Score: 3, Insightful) by DECbot on Wednesday October 18 2017, @03:30PM (3 children)

        by DECbot (832) on Wednesday October 18 2017, @03:30PM (#583980) Journal

        If I don't trust the chip, why would I believe that it respects the BIOS settings and disables itself? Desoldering it from the motherboard seems to me to be the only way to trust that it isn't actively compromising your system.

        --
        cats~$ sudo chown -R us /home/base
        • (Score: 3, Insightful) by DannyB on Wednesday October 18 2017, @04:16PM

          by DannyB (5839) Subscriber Badge on Wednesday October 18 2017, @04:16PM (#583993) Journal

          It is relevant to mention Intel's "management engine" here. You can't desolder that.

          --
          To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
        • (Score: 1, Interesting) by Anonymous Coward on Wednesday October 18 2017, @11:08PM (1 child)

          by Anonymous Coward on Wednesday October 18 2017, @11:08PM (#584232)

          I have used an X-Acto knife. Fortunately, in the systems that happened to, the OS merely reports an error that the TPM isn't functioning properly, maybe lets an administrator know.

          I do not expect that to fly in a corporate environment, nor a permissive attitude towards knife-wielding.

    • (Score: 4, Insightful) by JoeMerchant on Wednesday October 18 2017, @09:08PM

      by JoeMerchant (3937) on Wednesday October 18 2017, @09:08PM (#584133)

      Anyone want to lay odds that this flaw was included intentionally (as a *cough* backdoor)?

      --
      🌻🌻 [google.com]
    • (Score: 2, Informative) by pdfernhout on Thursday October 19 2017, @03:40AM

      by pdfernhout (5984) on Thursday October 19 2017, @03:40AM (#584358) Homepage

      https://www.youtube.com/watch?v=XgFbqSYdNK4 [youtube.com]

      Related website: http://againsttcpa.com/ [againsttcpa.com]

      --
      The biggest challenge of the 21st century: the irony of technologies of abundance used by scarcity-minded people.
    • (Score: 0) by Anonymous Coward on Thursday October 19 2017, @04:02AM

      by Anonymous Coward on Thursday October 19 2017, @04:02AM (#584362)

      Of course not; there is not an ounce of honesty in these corporations or in the way they make you pay for their honestly-backdoored hardware.

  • (Score: 4, Informative) by bzipitidoo on Wednesday October 18 2017, @12:58PM (4 children)

    by bzipitidoo (4388) on Wednesday October 18 2017, @12:58PM (#583907) Journal

    We know how to formally verify systems, and also when it is impractical to do so. This subsystem seems one in which thorough formal verification was possible, and that it would have caught the problem.

    However, formal verification can be a long, slow, and costly process. I can see them using formal verification on a few parts of a system, to say they did it, then skipping the rest, to save money and time, rush the goods to market faster. To skip it on a security feature seems particularly stupid. Way to turn real security into more security theater.

    It may all be academic, when practical quantum computers with sufficient numbers of qubits are built. That will break RSA, and may even break all known methods of public key cryptography. That may only be a few years away, hard to say.

    • (Score: 3, Interesting) by DannyB on Wednesday October 18 2017, @04:26PM (1 child)

      by DannyB (5839) Subscriber Badge on Wednesday October 18 2017, @04:26PM (#583996) Journal

      Security, as in both the TPM and Intel's (and AMD's) "Management Engine" are great -- in principle. But not in current practice.

      If I had, and nobody else had, complete control over both the TPM and Management Engine, they would both be great features to ensure that I could control EXACTLY what my computer could and could not do. I could actually trust my computer to work for me instead of against me[1].

      If private keys in the TPM are weak, then there should be protocols to cause the TPM to re-generate new strong keys. But maybe that is simply not possible. The whole point of the TPM is that its private key exists only within the TPM and cannot ever be extracted from the TPM. And if the internal way that the private key is generated is deliberately weak, it probably cannot be fixed. But maybe that is deliberate. Now someone has discovered an "unintentional" problem that lets one reconstruct the TPM's private key using only the public key. Gee, I wonder what kind of TLAs might find that helpful to get compromised, signed, software to run and be fully trusted by the motherboard and the OS?

      [1] (And not be trolling when I'm not looking.)

      --
      To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
      • (Score: 2, Insightful) by Anonymous Coward on Wednesday October 18 2017, @04:43PM

        by Anonymous Coward on Wednesday October 18 2017, @04:43PM (#584004)

        It's not a bug it's a feature!

        At this point is anyone surprised? My default position is a lack of trust. After 20+ years of seeing the gov illegally spying on citizens and corporations getting away with ridiculously bad practices, I'm just not sure that trust can be rebuilt.

        Now, open hardware AND software? That would be a start, but obviously not enough people value open policies let alone some really really rich people who could actually help the various programs out there.

    • (Score: 2) by frojack on Wednesday October 18 2017, @07:19PM

      by frojack (1554) on Wednesday October 18 2017, @07:19PM (#584064) Journal

      Verification might have been costly, but so was developing the chip.

      And none of that was necessary. Linux has a driver for TPM, but it's not installed by default on most distros, isn't even feature complete, and even when installed you have to go out of your way to turn it on.

      Clearly there are software ways to accomplish what this chip purports to do.
      It seems to have arisen in response to the need to store the UEFI credentials. But many machines lack this chipset completely.

      --
      No, you are mistaken. I've always had this sig.
    • (Score: 1, Interesting) by Anonymous Coward on Wednesday October 18 2017, @07:21PM

      by Anonymous Coward on Wednesday October 18 2017, @07:21PM (#584066)

      If they really claimed to do a formal verification, and missed it, there is an easy conclusion: it was a deliberate back-door.

      I know DannyB said the same thing, but the formal verification proof works both ways. You can no longer claim that such things are just an oversight.

  • (Score: 3, Informative) by Anonymous Coward on Wednesday October 18 2017, @01:02PM (5 children)

    by Anonymous Coward on Wednesday October 18 2017, @01:02PM (#583911)

    CVE-2017-15361

    Ok, let's take a look. I don't look at those things as often as I should, so I'll go to NIST [nist.gov]:

    The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 PGP key generation, and the Cached User Data encryption feature in Chrome OS.

    I guess I'll keep using free software to generate my keypairs. It's easier to emerge -1av gnupg gnutls openssl if there's a fix needed than to flash TPM firmware.

    • (Score: 4, Informative) by AssCork on Wednesday October 18 2017, @01:48PM

      by AssCork (6255) on Wednesday October 18 2017, @01:48PM (#583941) Journal

      Just to put it in perspective, this has a higher 'base' score than KRACKATTACK, but the 'Overall' score is middle-of-the-pack.

      CVE-2017-15361 as scored by CERT [cert.org] (CVSSv2 for some reason)

      • Base: 8.8
      • Temporal: 6.9
      • Environmental: 6.9

      The 'overall' CVSSv2 score can be calculated by punching in the metrics CERT provides into the NVD CVSSv2 Score Calculator [nist.gov].

      • Overall: 6.9

      ProTIP: The 'Environmental' section is where an organization would make adjustments to a score. That's a Good Thing(tm), because some people implement technologies using a different strategy (though in this particular case, I don't know how you could mess with this)

      --
      Just popped-out of a tight spot. Came out mostly clean, too.
    • (Score: 2) by nobu_the_bard on Wednesday October 18 2017, @01:50PM (3 children)

      by nobu_the_bard (6373) on Wednesday October 18 2017, @01:50PM (#583944)

      I thought I recognized that term from something I read lately. I was looking into different Bitlocker configurations recently. Thank you for saving me the effort double checking it :)

      I'm surprised that didn't make it into the linked article, it is a popular feature on newer Microsoft Windows machines in some industries.

      • (Score: 3, Informative) by AssCork on Wednesday October 18 2017, @02:27PM (2 children)

        by AssCork (6255) on Wednesday October 18 2017, @02:27PM (#583957) Journal

        Microsoft's Advisory [microsoft.com] mentions BitLocker - You might want to dig into that.
        Note that it takes two updates to nail this fix (September's and October's) unless you're deploying the 'quality rollups'.

        --
        Just popped-out of a tight spot. Came out mostly clean, too.
        • (Score: 5, Informative) by ElizabethGreene on Wednesday October 18 2017, @03:27PM (1 child)

          by ElizabethGreene (6748) Subscriber Badge on Wednesday October 18 2017, @03:27PM (#583978) Journal

          It takes more than just updates to address this issue. The Infineon chip's firmware needs to be updated (not a Microsoft update), and then you have to wipe and re-generate the keys stored in the TPM.

          Why is this a big deal?

          • Your Bitlocker (disk encryption) keys are stored in the TPM.
          • On a CA, the signing keys can (and should) be stored in the TPM.
          • On a system with CredentialGuard, the hypervisor keys are stored in the TPM.
          • On a system with a virtual smartcard, the keys are in the TPM.

          It's a big freaking deal, and not enough people are paying attention to it.

          https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012 [microsoft.com]

          Here's the kicker. If you are using the TPM in another operating system then you have a problem too. It looks like libengine-tpm-openssl is now abandonware. What is a good way to reach out to the people using it and tell them they have a problem?
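A check for the situation ElizabethGreene describes, added here and not part of the thread or of any vendor's tooling: before wiping and regenerating TPM-held keys, a defender wants to know which of the RSA public keys already in circulation (BitLocker protectors, CA signing keys, smartcard certificates, keys made through libengine-tpm-openssl) carry the ROCA structure. The residue test below is the published ROCA fingerprint: every prime factor the flawed library produced has the form k*M + (65537^a mod M), so for each prime p dividing M the modulus n mod p must lie in the subgroup generated by 65537 mod p. The sample moduli are constructed in-script with that same prime form (and an ordinary control), seeded for reproducibility, and are not keys from any real device; the Miller-Rabin helper is ours and is not the library's code.

```python
import random

# The first 39 primes: their product M is the generator modulus the ROCA paper
# gives for 512-bit keys (larger keys use longer prime lists; the test is the same).
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61,
                67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137,
                139, 149, 151, 157, 163, 167]
GENERATOR = 65537
M = 1
for _p in SMALL_PRIMES:
    M *= _p


def roca_fingerprint(n):
    """True if n has the ROCA structure: for every odd prime p dividing M,
    n mod p lies in the cyclic subgroup <65537> of Z_p^*. An ordinary modulus
    passes all 38 residue tests only with negligible probability."""
    for p in SMALL_PRIMES[1:]:          # p = 2 is trivial (65537 is odd)
        subgroup, x = set(), 1
        while x not in subgroup:        # enumerate the subgroup generated by 65537
            subgroup.add(x)
            x = x * GENERATOR % p
        if n % p not in subgroup:
            return False
    return True


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin, with trial division by the small primes first (our helper)."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def roca_style_prime(rng):
    """Constructed weak prime p = k*M + (65537^a mod M), the shape the flawed
    library produced; k is sized so p is roughly 256 bits."""
    while True:
        a = rng.randrange(1, 1 << 62)
        k = rng.randrange(1 << 36, 1 << 37)
        candidate = k * M + pow(GENERATOR, a, M)
        if is_probable_prime(candidate, rng):
            return candidate


def random_prime(bits, rng):
    """Ordinary random prime of the given size, for the control modulus."""
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate, rng):
            return candidate


def build_sample_moduli(seed=2017):
    """Constructed test data: one ROCA-structured modulus and one ordinary one."""
    rng = random.Random(seed)
    weak = roca_style_prime(rng) * roca_style_prime(rng)
    control = random_prime(256, rng) * random_prime(256, rng)
    return weak, control


if __name__ == "__main__":
    weak, control = build_sample_moduli()
    print("constructed ROCA-style modulus flagged:", roca_fingerprint(weak))   # True
    print("ordinary modulus flagged:", roca_fingerprint(control))             # False
```

To run this over real material, extract the modulus from each certificate or public key (for example with `cryptography`'s `public_numbers().n`) and feed it to `roca_fingerprint`; a positive result means that key needs to be replaced after the firmware update, not merely re-wrapped.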

          • (Score: 0) by Anonymous Coward on Wednesday October 18 2017, @11:10PM

            by Anonymous Coward on Wednesday October 18 2017, @11:10PM (#584235)

            Yes, it's a big deal.

            The people most interested in securing themselves grumbled and have begun what is necessary, as you listed...

            Everyone else doesn't care or refuses to be inconvenienced, which really is what got us into many of the security problems to begin with.

  • (Score: 1, Interesting) by Anonymous Coward on Wednesday October 18 2017, @01:38PM

    by Anonymous Coward on Wednesday October 18 2017, @01:38PM (#583932)
  • (Score: 3, Informative) by Knowledge Troll on Wednesday October 18 2017, @01:42PM

    by Knowledge Troll (5948) on Wednesday October 18 2017, @01:42PM (#583936) Homepage Journal
  • (Score: 2) by tangomargarine on Wednesday October 18 2017, @02:51PM (5 children)

    by tangomargarine (667) on Wednesday October 18 2017, @02:51PM (#583963)

    world's smallest violin

    --
    "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
    • (Score: 0) by Anonymous Coward on Wednesday October 18 2017, @05:55PM (1 child)

      by Anonymous Coward on Wednesday October 18 2017, @05:55PM (#584026)

      Show me a PC compatible motherboard without it, then you can play your violin.

    • (Score: 0) by Anonymous Coward on Wednesday October 18 2017, @06:10PM

      by Anonymous Coward on Wednesday October 18 2017, @06:10PM (#584031)

      TPM? That will be in the TPS Report. Now don't forget to use the new cover...

    • (Score: 3, Interesting) by JoeMerchant on Wednesday October 18 2017, @09:05PM (1 child)

      by JoeMerchant (3937) on Wednesday October 18 2017, @09:05PM (#584129)

      Seems like TPM has a weak key-pair generator... what I want to know is how they screwed that up when good key-pair generators have been open source for decades?

      --
      🌻🌻 [google.com]
      • (Score: 4, Informative) by tangomargarine on Wednesday October 18 2017, @09:49PM

        by tangomargarine (667) on Wednesday October 18 2017, @09:49PM (#584159)

        "Ew, that crypto is written by smelly hippies who are bad at coding. We'll just make our own."

        Fast forward ten years, to when the universe smacks them upside the head.

        --
        "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
  • (Score: 2, Informative) by Anonymous Coward on Wednesday October 18 2017, @03:16PM (2 children)

    by Anonymous Coward on Wednesday October 18 2017, @03:16PM (#583969)

    They are known collaborators with the NSA; they took money to backdoor their encryption.

    • (Score: 0) by Anonymous Coward on Wednesday October 18 2017, @03:26PM

      by Anonymous Coward on Wednesday October 18 2017, @03:26PM (#583977)

      It's dangerous to go alone. Take this: ".".

    • (Score: 3, Informative) by sjames on Thursday October 19 2017, @06:56PM

      by sjames (2882) on Thursday October 19 2017, @06:56PM (#584746) Journal

      RSA in this case is referring to the public key crypto system, not RSA the company run by weasels.
