Infineon

Infineon TPM chipsets that come with many modern-day motherboards generate insecure RSA encryption keys that put devices at risk of attack.

TPM stands for Trusted Platform Module (TPM), which is an international standard for secure cryptoprocessors that are used to store critical data such as passwords, certificates, and encryption keys.

At the hardware level, TPMs are dedicated microcontrollers that co-exist on the main system board (motherboard) and provide hardware isolation and generate and store artifacts used to authenticate the platform, such as passwords, certificates, or encryption keys.

TPM module

Vulnerability affects only Infineon TPMs

According to a security alert issued by Infineon last week, a vulnerability in the Infineon TPM firmware results in the generation of weak RSA keys. Only Infineon TPMs based on the TCG specification family 1.2 and 2.0 are affected.

The vulnerability allows for an attack on RSA1024 and RSA2048, and affects chips manufactured as early as 2012. RSA encryption works by encrypting data with a dual private and public key. The attack allows an attacker to determine the private key.

Infineon, a German semiconductor company, is one of the many TPM vendors currently used in production, so not all motherboards are affected.

Infineon issued a firmware update last week and has forwarded the update to motherboard vendors which are now working on integrating the Infineon TPM firmware update into all their products.

Long list of affected vendors

TPMs are typically used in business laptops, routers, embedded and IoT devices. Known affected vendors include Acer, ASUS, Fujitsu, HP, Lenovo, LG, Samsung, Toshiba, and other smaller Chromebook vendors.

"The information in this security bulletin should be acted upon as soon as possible," says HP in a security alert issued today.

"The vulnerability weakens public key resistance against attacks that are used to deduce the corresponding [RSA] private key," said Fujitsu in a similar alert.

"RSA public keys generated by the Infineon TPM for use by certain software programs should be considered insecure," said Lenovo. "Only software that uses RSA keys generated by the TPM is affected by this vulnerability."

The three vendors are working on pushing out firmware updates, and they've published lists of affected products that use Infineon TPMs in their respective advisories.

OS vendors issue "workarounds"

Microsoft and Google have also issued security updates that mitigate the flaw.

Microsoft categorized its updates as a "workaround" that try to prevent exploitation. Users will have to check if their motherboard uses an Infineon TPM chipset and manually apply the firmware update when available, for each affected product.

The update is mitigated in different ways per Windows version. Points 8, 9, 10 in the Microsoft Advisory 170012 describes how each Windows version is affected and how users can protect themselves.

Chromebooks devices are also affected. Google has published a list of affected Chromebooks in a security advisory here. The company has also issued Chrome OS M60 to mitigate the flaw. Again, Google has released only a workaround and users will have to look for motherboard updates from their vendors.

Google also puts the vulnerability in perspective, explaining that normal users do not fit in the vulnerability's threat vector, but the issue could be exploited for targeted attacks on high-value targets.

"The currently known exploits are computationally expensive," Google says. "TPM-generated RSA keys can't be broken at large scale, but targeted attacks are possible. To summarize: There exists a practical attack against TPM-generated RSA keys, but it doesn't allow large-scale exploitation of Chrome OS devices."

Users will need to regenerate passwords, access tokens

Until motherboard vendors issue a new firmware update to include Infineon's TPM fix, the general recommendation is to move critical users and data handling operations to devices that have updated firmware or to devices not affected by this vulnerability.

Once users have received the firmware update, they should regenerate all TPM keys. This is done by changing all passwords for TPM-enabled apps.

Because it is hard to know what apps and OS features use the TPM, users can reset the TPM module by typing TPM.MSC in their Windows Search/Run field and resetting the TPM from there. More instructions are available in this Technet article.

UPDATE [October 16, 13:10 ET]: Post publication, the team behind this research has published a website with extra information on the attack, codenamed ROCA (Return of Coppersmith's Attack), and a website to test if RSA keys are vulnerable to the ROCA attack. A research paper will also be presented later this month at the ACM CCS security conference. The research paper will be named "The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli," and is authored by researchers from the IT Security Lab at Faculty of Informatics, Masaryk University, Czech Republic.