Cracking RSA Keys at a Factor of the Price
A few weeks ago, we wrote about a fundamental weakness in the generation of RSA keys produced by Infineon Technologies AG. The weakness would allow an attacker to successfully crack a single 2,048-bit RSA key with 51,400 vCPU days, roughly $35,000 on Amazon EC2. In the time since then, researchers Daniel J. Bernstein and Tanja Lange developed a more efficient attack that is up to 25% faster than the original ROCA attack.
The bad news doesn’t stop there: the price could be driven down further through the use of specialized hardware such as GPUs, FPGAs, or ASICs, leaving attackers with just an energy bill of $2,000 to crack a single key.
Estonia moved to suspend the digital ID cards affected by the vulnerability, and citizens must update their digital certificates. These digital ID cards are used to identify the user for voting and filing taxes.
If you use a hardware token for RSA key generation, double-check with the manufacturer to make sure your device is not affected.
IoT Keyboard Cloud Driver
From the department of “why is that a thing,” users discovered that the driver shipped with their MantisTek GK2 mechanical keyboard is collecting keystroke metrics and sending them to the cloud.
The initial assumption was that the driver was delivering malware and collecting keystrokes to spy on users; however, upon further inspection, it appears that only the keystroke metrics were sent to the cloud, presumably to determine the lifetime of individual keyboard keys.
The invasion of privacy remains, though, and serves as a good warning that every piece of software you install expands your attack surface.
Money Disappearing into the Ether(eum)
The answer to that silly question is ...
*** This is a Security Bloggers Network syndicated blog from Cylance Blog authored by Cylance Research and Intelligence Team. Read the original post at: https://threatmatrix.cylance.com/en_us/home/this-week-in-security-11-10-2017.html