6:5pm, 17 Oct 2017

TLP Rating: White

ROCA: Major security flaw in crypto keys discovered

A significant flaw in the firmware of a chip used in hardware security tokens has raised issues with the security of millions of encryption keys.

Researchers have identified a vulnerability in the RSA keys that are generated by chips from Infineon Technologies. The vulnerability is being referred to as ROCA (Return of the Coppersmith’s Attack). The keys are weaker than would be expected of keys of the same length, and are vulnerable to factorisation. This means that, given a public key, it would be feasible to re-create the private key.

The chips are generally embedded inside devices of other manufacturers, and are often used in hardware security tokens such as Yubikeys, or Trusted Platform Modules (TPM) in computers.