A team of cybersecurity researchers today disclosed details of two new potentially serious CPU vulnerabilities that could allow attackers to retrieve cryptographic keys protected inside TPM chips manufactured by STMicroelectronics or firmware-based Intel TPMs.
Trusted Platform Module (TPM) is a specialized hardware or firmware-based security solution that has been designed to store and protect sensitive information from attackers even when your operating system gets compromised.
TMP technology is being used widely by billion of desktops, laptops, servers, smartphones, and even by Internet-of-Things (IoT) devices to protect encryption keys, passwords, and digital certificates.
Collectively dubbed as TPM-Fail, both newly found vulnerabilities, as listed below, leverage a timing-based side-channel attack to recover cryptographic keys that are otherwise supposed to remain safely inside the chips.
- CVE-2019-11090: Intel fTPM vulnerabilities
- CVE-2019-16863: STMicroelectronics TPM chip
According to researchers, elliptic curve signature operations on TPMs from various manufacturers are vulnerable to timing leakage issues, which could lead to the recovery of a private key by measuring the execution time of operation inside the TPM device.
“A privileged adversary can exploit the OS kernel to perform accurate timing measurement of the TPM, and thus discover and exploit timing vulnerabilities in cryptographic implementations running inside the TPM.”
“They are practical [attacks]. A local adversary can recover the ECDSA key from Intel fTPM in 4-20 minutes, depending on the access level.”
images from Hacker News