[Cryptech Tech] [FORGED] News item: Major HSM vulnerabilities impact banks, cloud providers, governments

Warren Kumari warren at kumari.net
Wed Jun 12 23:31:37 UTC 2019


On Wed, Jun 12, 2019 at 4:11 AM Leif Johansson <leifj at sunet.se> wrote:
>
> On 2019-06-12 06:27, Peter Gutmann wrote:
> > Warren Kumari <warren at kumari.net> writes:
> >
> >> Major HSM vulnerabilities impact banks, cloud providers, governments
> >> https://www.zdnet.com/article/major-hsm-vulnerabilities-impact-banks-cloud-providers-governments/
> >
> > From TFA:
> >
> >   The duo's research paper is currently available only in French,
> >
> > Devilishly clever!  That way Thales and Gemalto can fix their HSMs while the
> > non-French-speaking hackers have to wait for Black Hat to find out what the
> > vulns are.
> >
> > Despite the inexplicable lack of being taught phrases like "couche de resine
> > epoxy" while still learning everyday useful things like "le ballon tombe dans
> > les fleurs", the gist of the paper is that running externally-updatable
> > ancient unpatched Linux (an unstripped, unhardened 2.26 (!!!) kernel) with
> > buggy PKCS #11 firmware on your HSM isn't a good idea.
> >
> > This isn't really an HSM, it's more an IoT device with a crypto accelerator
> > attached.  Once I read to the description of the configuration, my only
> > surprise was that it took this long to get pwned.  Not wanting to downplay the
> > authors' achievement, but it's a hack of a generic, run-of-the-mill IoT
> > device, just one that happens to be advertised as an HSM.
> >
> > It's also not surprising that you can attack the PKCS #11 API directly, as the
> > authors correctly point out it's very complex and therefore has a very large
> > attack surface.  I'm sure many PKCS #11 client-app developers have
> > inadvertently "attacked" their PKCS #11 implementation just by passing in
> > incorrect parameters while developing code (I have, for several
> > implementations).
> >
> > In addition, with what they're running as the firmware as an indicator, it's
> > also not overly surprising that the crypto code itself is of, uhh, sub-par
> > quality.  Sorta confirms the comment I made in my book that "A great many
> > security systems in use today are secure only because no-one's ever bothered
> > attacking them".
> >
> > All in all a nice piece of work, and an interesting read.
> >
>
> My French is a bit rusty but did you also understand that the attack
> was based on the ability to do fw upgrade over P11?

Nope -- my French is nonexistent; I tried copying and pasting bits
into Google Translate, but got frustrated quickly.

I was mainly entertained by the fact that a consumer news site like
zdnet was writing about this.

W

> Needless to say
> that seems like a ... unique property to have in your P11 impl but
> I am worried I have misread the paper.
>
>         Cheers Leif
>
> _______________________________________________
> Tech mailing list
> Tech at cryptech.is
> https://lists.cryptech.is/listinfo/tech



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf

