TPM-FAIL vulnerabilities impact TPM chips in desktops, laptops, servers

November 13, 2019

A team of academics has disclosed today two vulnerabilities known collectively as TPM-FAIL that could allow an attacker to retrieve cryptographic keys stored inside TPMs.

Thanks to efforts from the research team, both vulnerabilities have been fixed, which is a good thing since both issues can be weaponized in doable real-world attacks — something that is very rare in the case of TPM vulnerabilities.

What are Trusted Platform Modules

TPM stands for Trusted Platform Module. In the early days of computing, TPMs were separate chips added to a motherboard where a CPU would store and manage sensitive information such as cryptographic keys.

These keys were used to ensure hardware integrity during the boot-up process or to attest various cryptographic operations, such as handling digital certificates, ensuring HTTPS connections on servers, or verifying authentication-related processes.

However, as the hardware ecosystem evolved with modern smartphones and “smart” embedded devices, there was no room for a separate TPM chipset on all devices, and a 100% software-based solution was developed in the form of firmware-based TPMs — also known as fTPMs.

Nowadays, it’s hard to find a device that’s not using a TPM, either in the form of a hardware-isolated chip, or a software-based solution. TPMs are at the heart of most devices, even in tiny electronics, such as some IoT “smart” devices.

TPM-Fail — what is impacted

In a research paper published today, a team of academics from the Worcester Polytechnic Institute (USA), the University of Lübeck (Germany), and the University of California, San Diego (USA) has disclosed two vulnerabilities that impact two very widely used TPM solutions.

The first vulnerability is CVE-2019-11090 and impacts Intel’s Platform Trust Technology (PTT).

Intel PTT is Intel’s fTPM software-based TPM solution and is widely used on servers, desktops, and laptops, being supported on all Intel CPUs released since 2013, starting with the Haswell generation.

The second is CVE-2019-16863 and impacts the ST33 TPM chip made by STMicroelectronics.

This chip is incredibly popular and is used on a wide array of devices ranging from networking equipment to cloud servers, being one of the few chips that received a Common Criteria (CC) EAL 4+ classification — which implies it comes with built-in protection against side-channel attacks like the ones discovered by the research team.

TPM-Fail — the attacks

The actual attack on these two TPM technologies is what security researchers call a “timing leakage.”

An external observer can record the time differences when the TPM is performing repetitive operations and infer the data being processed inside the secure chip — all based on the amount of time the TPM takes to do the same thing over and over again.
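A toy model of this kind of leak, as an added example that is not code from the article, the researchers or any TPM vendor: a scalar loop whose work depends on the secret, next to a fixed-length form. Operation counts stand in for time, and the function names and the double-and-add loop are assumptions made for illustration.

```python
import random
from statistics import mean

WIDTH = 256  # bit width of the secret scalars, matching the 256-bit keys in the article

def ops_variable(scalar: int) -> int:
    """Toy double-and-add: starts at the highest set bit, so the amount
    of work depends on the secret's bit length and on its set bits."""
    ops = 0
    for i in reversed(range(scalar.bit_length())):
        ops += 1                    # doubling, once per significant bit
        if (scalar >> i) & 1:
            ops += 1                # addition only when the bit is 1
    return ops

def ops_fixed(scalar: int) -> int:
    """Hardened form: always WIDTH rounds, one doubling and one addition
    per round regardless of the bit value (result selected, not branched)."""
    ops = 0
    for i in reversed(range(WIDTH)):
        _bit = (scalar >> i) & 1    # bit is used for selection only
        ops += 2
    return ops

def observed_gap(op_counter, samples: int = 1000, seed: int = 7) -> float:
    """Mean cost of full-length scalars minus mean cost of scalars whose
    top 8 bits are zero: what an observer averaging many runs would see."""
    rng = random.Random(seed)       # constructed sample data
    full = [rng.getrandbits(WIDTH - 1) | (1 << (WIDTH - 1)) for _ in range(samples)]
    short = [rng.getrandbits(WIDTH - 8) for _ in range(samples)]
    return mean(map(op_counter, full)) - mean(map(op_counter, short))

if __name__ == "__main__":
    print("variable-time gap:", observed_gap(ops_variable))
    print("fixed-time gap:   ", observed_gap(ops_fixed))
```

The variable-time loop shows a stable gap between the two classes of secrets once runs are averaged, while the fixed-length loop shows none, which is the property a constant-time implementation is meant to guarantee.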

The research team says the “timing leakage” they discovered can be used to extract 256-bit private keys that are being stored inside the TPM. More specifically, 256-bit private keys used by certain digital signature schemes based on elliptic-curve algorithms such as ECDSA and ECSchnorr.

While this sounds like a very narrow attack surface, these two are common digital signature schemes used in many of today’s cryptographically-secured operations, such as establishing TLS connections, signing digital certificates, and authorizing logins.

But the novelty and danger factor surrounding TPM-FAIL lies in the fact that this attack is also fully weaponizable in a real-world scenario.

Similar attacks on TPMs usually recover partial keys or take too long to execute. TPM-FAIL does not.

“They are practical,” the research team said about TPM-FAIL.

“A local adversary can recover the ECDSA key from Intel fTPM in 4-20 minutes depending on the access level,” they said.

“We even show that these attacks can be performed remotely on fast networks, by recovering the authentication key of a virtual private network (VPN) server in 5 hours.”

Performing a five-hour-long attack on a remote VPN server isn’t as hard as it sounds. Per the research team, the attack involves initiating around 45,000 authentication handshakes against a remote VPN server and recording the responses.

After enough observations of the response time, attackers would be able to recover the private key that the VPN server was using to sign and verify authentication operations, allowing them to access a VPN-protected network.

The only good news is that the attack is not trivial and requires some advanced technical knowledge from an attacker — though not so advanced as to rule out attacks.

“The attacks could indeed be weaponized with some effort,” Daniel Moghimi from the Worcester Polytechnic Institute, and one of the researchers behind TPM-FAIL, told ZDNet in an interview today.

“The required skill to pull this kind of attack is, of course, more than the script-kiddie effort, but there are many people out there who use similar techniques to solve more advanced CTF challenges.”

TPM-FAIL — patches and proof-of-concept code

Moghimi told ZDNet that the research team started working on exploring this new attack vector inside TPMs earlier this year in January.

They tested many TPM technologies and not just the ones from Intel and STMicroelectronics. However, TPMs from Infineon and Nuvoton were not found to be vulnerable.

The first issue that they discovered was the one impacting Intel’s PTT, which they reported to the company in February.

“Intel was quite professional,” Moghimi told ZDNet. “In the last two years, they have pretty much streamlined the disclosure process. Our only concern was the initial assigned CVSS score, but after we provided them a detailed [proof-of-concept] showing that the attack can be performed remotely, they changed/increased it.”

Moghimi said this disclosure process ended today, on November 12, when Intel released firmware updates for the Intel PTT, which users can download via the company’s official security advisory.

The STMicroelectronics issue was discovered a few months after the Intel one, namely in May, when the research team also reached out to the company.

Since STMicroelectronics was shipping a hardware-enforced TPM, the company couldn’t just issue a software update. Instead, they prepared a new iteration of the ST33 chip.

The research team said they received a version of this new chip and confirmed that it was resistant to the TPM-FAIL attacks on September 12, 2019.

The company was supposed to publish a security advisory at the following URL (also mentioned in a Microsoft security advisory), but the security advisory was not public at the time of this article’s publication.

Now, a long process starts during which end-users — home consumers and enterprise customers alike — are expected to update CPU/motherboard firmware, and replace outdated equipment.

Of the two, the issue impacting Intel’s fTPM solution is considered the most dangerous, as it could be exploited remotely.

The research team told ZDNet they plan to publish the tools they used to analyze the vulnerable TPMs, along with proof-of-concept code, on GitHub.

In large enterprise networks, some system administrators may not be fully aware of what TPMs they are using on particular devices. The proof-of-concept code should help these sysadmins test and see if they have devices vulnerable to the two attacks.

Unfortunately, the same proof-of-concept code may also end up helping attackers, once it gets published online. Applying the Intel PTT firmware updates should be a top priority.
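For administrators who do not know which TPMs their devices carry, one way to triage a fleet by TPM vendor, as an added example that is not the researchers' tooling: it parses saved `tpm2_getcap properties-fixed` output from tpm2-tools and maps the TCG vendor ID to what the article reports for that vendor. Host names and sample outputs are constructed, and the major.minor split of the firmware value is a common convention assumed here.

```python
import re

# TCG vendor IDs for the four vendors the article names, with its finding.
FINDINGS = {
    "INTC": "review: Intel fTPM (PTT), CVE-2019-11090, firmware update available",
    "STM":  "review: STMicroelectronics, ST33 affected by CVE-2019-16863",
    "IFX":  "Infineon: not found vulnerable by the researchers",
    "NTC":  "Nuvoton: not found vulnerable by the researchers",
}

def _raw(prop: str, text: str):
    """Return the integer after 'raw:' for one TPM2_PT_* property, or None."""
    m = re.search(rf"^{prop}:\s*\n\s*raw:\s*(0x[0-9A-Fa-f]+)", text, re.M)
    return int(m.group(1), 16) if m else None

def triage(getcap_text: str) -> dict:
    """Classify one host from its `tpm2_getcap properties-fixed` output."""
    man = _raw("TPM2_PT_MANUFACTURER", getcap_text)
    if man is None:
        return {"vendor": None, "firmware": None, "finding": "no TPM data"}
    # The manufacturer property is four ASCII bytes, padded with NUL or space.
    vendor = (man & 0xFFFFFFFF).to_bytes(4, "big").decode("ascii", "replace").strip("\x00 ")
    fw = _raw("TPM2_PT_FIRMWARE_VERSION_1", getcap_text)
    # Assumed convention: upper 16 bits major, lower 16 bits minor.
    firmware = f"{fw >> 16}.{fw & 0xFFFF}" if fw is not None else None
    return {"vendor": vendor, "firmware": firmware,
            "finding": FINDINGS.get(vendor, "unknown vendor: check manually")}

# Constructed sample outputs (not captured from real machines).
FLEET = {
    "laptop-01": 'TPM2_PT_MANUFACTURER:\n  raw: 0x494E5443\n  value: "INTC"\n'
                 'TPM2_PT_FIRMWARE_VERSION_1:\n  raw: 0x0001000A\n',
    "router-07": 'TPM2_PT_MANUFACTURER:\n  raw: 0x53544D20\n  value: "STM "\n',
    "server-12": 'TPM2_PT_MANUFACTURER:\n  raw: 0x49465800\n  value: "IFX"\n',
    "kiosk-03":  "",
}

def needs_review(fleet: dict) -> list:
    """Hosts whose TPM vendor makes one of the two affected products."""
    return sorted(h for h, out in fleet.items()
                  if triage(out)["finding"].startswith("review"))

if __name__ == "__main__":
    for host in needs_review(FLEET):
        print(host, triage(FLEET[host]))
```

A vendor match only marks a host for review; whether it is actually affected depends on the product and firmware version listed in the vendor's advisory.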

A technical whitepaper on the TPM-FAIL attacks is available for download, and is entitled “TPM-FAIL: TPM meets Timing and Lattice Attacks.” A dedicated website is also available. Some of the researchers involved in TPM-FAIL were also involved in the discovery of the Zombieload and Spoiler CPU vulnerabilities.

Credit: ZDNet
