A team of cybersecurity researchers today disclosed details of two new potentially serious CPU vulnerabilities that could allow attackers to retrieve cryptographic keys protected inside TPM chips manufactured by STMicroelectronics or firmware-based Intel TPMs.
Trusted Platform Module (TPM) is a specialized hardware or firmware-based security solution that has been designed to store and protect sensitive information from attackers even when your operating system gets compromised.
TMP technology is being used widely by billion of desktops, laptops, servers, smartphones, and even by Internet-of-Things (IoT) devices to protect encryption keys, passwords, and digital certificates.
Collectively dubbed as TPM-Fail, both newly found vulnerabilities, as listed below, leverage a timing-based side-channel attack to recover cryptographic keys that are otherwise supposed to remain safely inside the chips.
According to researchers, elliptic curve signature operations on TPMs from various manufacturers are vulnerable to timing leakage issues, which could lead to the recovery of a private key by measuring the execution time of operation inside the TPM device.
“A privileged adversary can exploit the OS kernel to perform accurate timing measurement of the TPM, and thus discover and exploit timing vulnerabilities in cryptographic implementations running inside the TPM.”
“They are practical [attacks]. A local adversary can recover the ECDSA key from Intel fTPM in 4-20 minutes, depending on the access level.”
As a proof-of-concept (code on GitHub), researchers tested and managed to recover 256-bit ECDSA and ECSchnorr private keys by collecting signature timing data with and without administrative privileges.
“Further, we managed to recover ECDSA keys from an fTPM-endowed server running StrongSwan VPN over a noisy network as measured by a client.”
“In this attack, the remote client recovers the server’s private authentication key by timing only 45,000 authentication handshakes via a network connection.”
“The fact that a remote attack can extract keys from a TPM device certified as secure against side-channel leakage underscores the need to reassess remote attacks on cryptographic implementations.”
Once recovered, an attacker can use stolen keys to forge digital signatures, steal or alter encrypted information, and bypass OS security features or compromise applications that rely on the integrity of the keys.
“The vulnerable Intel fTPM is used by many PC and laptop manufacturers, including Lenovo, Dell, and HP.”
Besides this, researchers also tested TMP solutions manufactured by Infineon and Nuvoton and found them vulnerable to non-constant execution timing leakage issues.
Researchers responsibly reported their findings to Intel and STMicroelectronics in February this year, and the companies just yesterday released a patch update for affected products.