What You Need To Know About The "ROCA" vulnerability

By Daniel Franke, Infosec Researcher

Akamai is aware of the recently disclosed “ROCA” vulnerability in cryptographic firmware used in products made by Infineon Technologies. A bug in the firmware’s prime-search algorithm used for RSA key generation results in RSA keys that are relatively cheap to factor. The bug impacts Infineon Trusted Platform Modules (TPMs) as well as many smartcards and Hardware Security Modules (HSMs) that use Infineon chips but do not carry Infineon branding, notably including the popular YubiKey 4. In some cases, it may be possible to patch affected devices with an OEM-supplied firmware update. In other cases, the hardware must be replaced.

 

Any RSA key generated on a vulnerable device must be considered compromised and be revoked and rotated. Keys for algorithms other than RSA, such as OpenSSH, are unaffected. RSA keys generated in software and then transferred onto vulnerable devices are also unaffected. You can test whether a key is vulnerable by uploading the public key to https://keychest.net/roca.
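A local alternative to uploading the key, as an added example (not from the original post or from Akamai): it checks the structural fingerprint described in the published ROCA research, where the modulus reduced by each small prime r is a power of 65537 mod r. The prime list, function names and sample values are assumptions of this example, and the samples are constructed, not real keys.

```python
# Primes 3..167 all divide the primorial M used by the flawed generator for
# every key size, per the published ROCA research (not stated on this page).
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59,
                61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127,
                131, 137, 139, 149, 151, 157, 163, 167]
GENERATOR = 65537


def subgroup(r):
    """Return the set of powers of 65537 modulo the prime r."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = (x * GENERATOR) % r
    return seen


SUBGROUPS = {r: subgroup(r) for r in SMALL_PRIMES}


def has_roca_fingerprint(n):
    """True if n mod r is a power of 65537 for every small prime r."""
    return all(n % r in SUBGROUPS[r] for r in SMALL_PRIMES)


def modulus_from_openssl(text):
    """Parse the 'Modulus=<hex>' line printed by
    `openssl rsa -pubin -in key.pem -noout -modulus`."""
    for line in text.splitlines():
        if line.startswith("Modulus="):
            return int(line.split("=", 1)[1].strip(), 16)
    raise ValueError("no Modulus= line found")


def constructed_samples():
    """Constructed test values (hypothetical), not real keys."""
    m = 2
    for r in SMALL_PRIMES:
        m *= r
    # Factors with the flawed shape k*M + (65537^a mod M); primality not checked.
    shaped = lambda k, a: k * m + pow(GENERATOR, a, m)
    flawed = shaped(5, 1234) * shaped(7, 4321)
    clean = (2**107 - 1) * (2**127 - 1)  # product of two Mersenne primes
    return flawed, clean


if __name__ == "__main__":
    flawed, clean = constructed_samples()
    print(has_roca_fingerprint(flawed), has_roca_fingerprint(clean))
```

A modulus that matches the fingerprint should be handled as the paragraph above describes: revoke and rotate the key.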

Akamai has determined that no customer-facing systems are impacted by this vulnerability; in particular, customer TLS certificates are unaffected and no action is needed. 

 

This is a Security Bloggers Network syndicated blog post authored by Akamai InfoSec. Read the original post at: The Akamai Blog

One thought on “What You Need To Know About The "ROCA" vulnerability”

  • October 27, 2017 at 5:54 am

    Uh.

    > Keys for algorithms other than RSA, such as OpenSSH

    That makes no sense.
    0) RSA is an algorithm. OpenSSH is an implementation of a protocol.
    1) OpenSSH can use RSA for both client and server auth.
    2) Yes, if you use OpenSSH with these weak keys you WILL be vulnerable.

    The protocol to communicate with GitHub uses SSH, and GitHub has revoked many, many keys for its users because of ROCA.

    > RSA keys generated in software and then transferred onto vulnerable devices are also unaffected

    Also not true. They’re affected. Quoting myself:
    “If the SRK is weak then not only are very likely all other keys you generated in the TPM weak, but also anything generated outside the TPM and imported is crackable, since your blobs are encrypted using this crackable SRK key.”
    https://blog.habets.se/2017/10/Is-my-TPM-affected-by-the-Infineon-disaster.html
