Who Got Hacked This Week? October 20 Edition


Flaw Allows Hackers to Recover Private RSA Keys in Billions of Devices

Microsoft, Google, Lenovo, HP and Fujitsu are warning their customers of a potentially serious vulnerability in a widely used RSA cryptographic library produced by German semiconductor manufacturer Infineon Technologies.

Infineon’s Trusted Platform Module (TPM) is a widely used, dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices, and it is used for secured cryptographic processes.

Dubbed ROCA (Return of Coppersmith’s Attack), the factorization attack introduced by the researchers exploits this bug and could potentially allow a remote attacker to reverse-calculate a private encryption key just by having a target’s public key. This could eventually allow the attacker to impersonate the key owner, decrypt the victim’s sensitive data, inject malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with the targeted computer.
