TPM-Fail Vulnerabilities Affecting Billions of Devices

Posted by & filed under Alerts.

A team of cybersecurity researchers today disclosed details of two new potentially serious CPU vulnerabilities that could allow attackers to retrieve cryptographic keys protected inside TPM chips manufactured by STMicroelectronics or firmware-based Intel TPMs.

Trusted Platform Module (TPM) is a specialized hardware or firmware-based security solution that has been designed to store and protect sensitive information from attackers even when your operating system gets compromised.

TPM technology is used widely across billions of desktops, laptops, servers, smartphones, and even Internet-of-Things (IoT) devices to protect encryption keys, passwords, and digital certificates.

Collectively dubbed TPM-Fail, the two newly found vulnerabilities leverage a timing-based side-channel attack to recover cryptographic keys that are otherwise supposed to remain safely inside the chips.

According to the researchers, elliptic curve signature operations on TPMs from various manufacturers are vulnerable to timing leakage, which can lead to the recovery of a private key by measuring the execution time of operations inside the TPM device.
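The leakage class behind this, as an added toy illustration that is not from the article, the TPM-Fail paper or any TPM firmware: a scalar multiplication whose running time depends on the secret scalar's bit length (in ECDSA that scalar is the per-signature nonce) beside a Montgomery ladder that always does the same work. The curve parameters are constructed, and the group-operation count stands in for execution time.

```python
# Added toy model of the TPM-Fail leakage class (not TPM firmware or the
# researchers' code): group-operation count stands in for running time.
P, A = 97, 2                # toy curve y^2 = x^3 + 2x + 3 over F_97 (constructed)
G = (3, 6)                  # a point on that curve
NBITS = 8                   # fixed scalar width for the constant-iteration ladder

def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                          # p1 == -p2
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def scalar_mult_leaky(k, pt):
    """Double-and-add from the top set bit: operation count, and so time,
    tracks the scalar's bit length (and Hamming weight)."""
    acc, ops = None, 0
    for i in range(k.bit_length() - 1, -1, -1):
        acc, ops = ec_add(acc, acc), ops + 1
        if (k >> i) & 1:
            acc, ops = ec_add(acc, pt), ops + 1
    return acc, ops

def scalar_mult_ladder(k, pt):
    """Montgomery ladder over a fixed NBITS bits: one add and one double per
    iteration whatever the scalar, so the count never varies."""
    r0, r1, ops = None, pt, 0
    for i in range(NBITS - 1, -1, -1):
        if (k >> i) & 1:
            r0, r1 = ec_add(r0, r1), ec_add(r1, r1)
        else:
            r1, r0 = ec_add(r0, r1), ec_add(r0, r0)
        ops += 2
    return r0, ops

def ops_by_bitlength(mult):
    """Scalar bit length -> sorted distinct operation counts over all NBITS-bit
    scalars: a defender's regression check that timing does not track the scalar."""
    seen = {}
    for k in range(1, 1 << NBITS):
        seen.setdefault(k.bit_length(), set()).add(mult(k, G)[1])
    return {b: sorted(s) for b, s in seen.items()}
```

Calling `ops_by_bitlength(scalar_mult_leaky)` shows shorter scalars finishing in fewer operations, which is what a timing measurement exposes, while `ops_by_bitlength(scalar_mult_ladder)` gives the same count for every bit length.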

“A privileged adversary can exploit the OS kernel to perform accurate timing measurement of the TPM, and thus discover and exploit timing vulnerabilities in cryptographic implementations running inside the TPM.”

“They are practical [attacks]. A local adversary can recover the ECDSA key from Intel fTPM in 4-20 minutes, depending on the access level.”

As a proof-of-concept (code on GitHub), researchers tested and managed to recover 256-bit ECDSA and ECSchnorr private keys by collecting signature timing data with and without administrative privileges.

“Further, we managed to recover ECDSA keys from an fTPM-endowed server running StrongSwan VPN over a noisy network as measured by a client.”

“In this attack, the remote client recovers the server’s private authentication key by timing only 45,000 authentication handshakes via a network connection.”

“The fact that a remote attack can extract keys from a TPM device certified as secure against side-channel leakage underscores the need to reassess remote attacks on cryptographic implementations.”


Once recovered, an attacker can use stolen keys to forge digital signatures, steal or alter encrypted information, and bypass OS security features or compromise applications that rely on the integrity of the keys.

“The vulnerable Intel fTPM is used by many PC and laptop manufacturers, including Lenovo, Dell, and HP.”

Besides this, the researchers also tested TPM solutions manufactured by Infineon and Nuvoton and found them vulnerable to non-constant execution timing leakage issues.

Researchers responsibly reported their findings to Intel and STMicroelectronics in February this year, and the companies just yesterday released a patch update for affected products.
