Major HSM vulnerabilities impact banks, cloud providers, governments (2024)

Table of Contents
Security Remote attack discovered in one HSM brand Vendor unnamed -- for now More vulnerability reports:
Major HSM vulnerabilities impact banks, cloud providers, governments (1)

Security

  • The best VPN services of 2024: Expert tested

  • How to turn on Private DNS Mode on Android (and why you should)

  • The best antivirus software and apps you can buy

  • The best VPN routers you can buy

  • How to find and remove spyware from your phone

Two security researchers have recently revealed vulnerabilities that can be exploited remotely to retrieve sensitive data stored inside special computer components known as HSMs (Hardware Security Modules).

HSMs are hardware-isolated devices that use advanced cryptography to store, manipulate, and work with sensitive information such as digital keys, passwords, PINs, and various other sensitive information.

In the real world, they can take the form of add-in computer cards, network-connectable router-like devices, or USB-connected thumb drive-like gadgets.

See Also
Luna Hardware Security Modules🔒The Importance of Security: Creating Awareness and Highlighting the Benefits🔒Zetech University

They are usually used in financial institutions, government agencies, data centers, cloud providers, and telecommunications operators. While they've been a niche hardware component for almost two decades, they are now more common than ever, as many of today's "hardware wallets" are, basically, fancily-designed HSMs.

Remote attack discovered in one HSM brand

At a security conference in France this past week, two security researchers from hardware wallet maker Ledger have disclosed details about several vulnerabilities in the HSM of a major vendor.

The duo's research paper is currently available only in French, but the two are also scheduled to present their findings at the Black Hat security conference that will be held in the US in August.

According to a summary of this upcoming presentation, the vulnerabilities they discovered allow a remote unauthenticated attacker to take full control of the vendor's HSM.

"The presented attacks allow retrieving all HSM secrets remotely, including cryptographic keys and administrator credentials," researchers said.

Furthermore, the two also said they can "exploit a cryptographic bug in the firmware signature verification to upload a modified firmware to the HSM."

"This firmware includes a persistent backdoor that survives a firmware update," they added.

Vendor unnamed -- for now

The duo, made up by Gabriel Campana and Jean-Baptiste Bédrune, said they reported the findings to the HSM maker, which "published firmware updates with security fixes."

The two did not name the vendor, but the team behind the Cryptosense security audit software pointed out that the vendor may be Gemalto, which issued a security update last month for its Sentinel LDK, an API for managing hardware keys on HSM components.

Here is the original paper (in french) for this talk: https://t.co/WpMn6ogrSG The HSM vendor is not disclosed, but its SDK apparently uses a struct named CK_BIP32_CHILD_DERIVE_PARAMS... 😗🎶 https://t.co/IFABDlCwFx

— sam280 (@sam280) June 7, 2019

The Cryptosense team, which also includes some francophone members, translated and put together a summary of the Ledger team's research, which we've embedded below:

  1. They started by using legitimate SDK access to their test HSM to upload a firmware module that would give them a shell inside the HSM. Note that this SDK access was used to discover the attacks, but is not necessary to exploit them.
  2. They then used the shell to run a fuzzer on the internal implementation of PKCS#11 commands to find reliable, exploitable buffer overflows.
  3. They checked they could exploit these buffer overflows from outside the HSM, i.e. by just calling the PKCS#11 driver from the host machine
  4. They then wrote a payload that would override access control and, via another issue in the HSM, allow them to upload arbitrary (unsigned) firmware. It's important to note that this backdoor is persistent – a subsequent update will not fix it.
  5. They then wrote a module that would dump all the HSM secrets, and uploaded it to the HSM.

The Cryptosense team also points out that the attack methods used by the Ledger research team are not particularly novel, and that others could have very well discovered these security flaws.

"Certainly well-funded vulnerability research teams at state-level intelligence agencies could have carried out similar work and discovered this attack," Cryptosense researchers said.

"The disruption caused to a target country's financial system by revealing certain secret keys would be pretty interesting to those looking to carry out cyber warfare.

"Perhaps the most concerning part of the attack is that the firmware update backdoor is persistent. There could be live HSMs deployed in critical infrastructure now containing similar backdoors," they added.

It’s amazing to me that HSM interfaces are this vulnerable. What utter garbage. From: https://t.co/DIVegODGo0 pic.twitter.com/rmUCMptdJU

— Matthew Green (@matthew_d_green) June 8, 2019

The future of food includes self-driving tractors, precision agriculture, robots, AI, and IoT

More vulnerability reports:

Major HSM vulnerabilities impact banks, cloud providers, governments (2024)
Top Articles
Financial Adulting: Everything You Need to Be a Financially Confident and Conscious AdultHardcover
Best Crypto Exchange & Trading App in India: CoinCRED
English Bulldog Puppies For Sale Under 1000 In Florida
Katie Pavlich Bikini Photos
Gamevault Agent
Pieology Nutrition Calculator Mobile
Hocus Pocus Showtimes Near Harkins Theatres Yuma Palms 14
Hendersonville (Tennessee) – Travel guide at Wikivoyage
Compare the Samsung Galaxy S24 - 256GB - Cobalt Violet vs Apple iPhone 16 Pro - 128GB - Desert Titanium | AT&T
Vardis Olive Garden (Georgioupolis, Kreta) ✈️ inkl. Flug buchen
Craigslist Dog Kennels For Sale
Things To Do In Atlanta Tomorrow Night
Non Sequitur
Crossword Nexus Solver
How To Cut Eelgrass Grounded
Pac Man Deviantart
Alexander Funeral Home Gallatin Obituaries
Energy Healing Conference Utah
Geometry Review Quiz 5 Answer Key
Hobby Stores Near Me Now
Icivics The Electoral Process Answer Key
Allybearloves
Bible Gateway passage: Revelation 3 - New Living Translation
Yisd Home Access Center
Pearson Correlation Coefficient
Home
Shadbase Get Out Of Jail
Gina Wilson Angle Addition Postulate
Celina Powell Lil Meech Video: A Controversial Encounter Shakes Social Media - Video Reddit Trend
Walmart Pharmacy Near Me Open
Marquette Gas Prices
A Christmas Horse - Alison Senxation
Ou Football Brainiacs
Access a Shared Resource | Computing for Arts + Sciences
Vera Bradley Factory Outlet Sunbury Products
Pixel Combat Unblocked
Movies - EPIC Theatres
Cvs Sport Physicals
Mercedes W204 Belt Diagram
Mia Malkova Bio, Net Worth, Age & More - Magzica
'Conan Exiles' 3.0 Guide: How To Unlock Spells And Sorcery
Teenbeautyfitness
Where Can I Cash A Huntington National Bank Check
Topos De Bolos Engraçados
Sand Castle Parents Guide
Gregory (Five Nights at Freddy's)
Grand Valley State University Library Hours
Hello – Cornerstone Chapel
Stoughton Commuter Rail Schedule
Nfsd Web Portal
Selly Medaline
Latest Posts
Learn 3 Common Ways to Forecast Currency Exchange Rates
Eight surprising ways to raise your credit score
Article information

Author: Terrell Hackett

Last Updated:

Views: 6749

Rating: 4.1 / 5 (52 voted)

Reviews: 83% of readers found this page helpful

Author information

Name: Terrell Hackett

Birthday: 1992-03-17

Address: Suite 453 459 Gibson Squares, East Adriane, AK 71925-5692

Phone: +21811810803470

Job: Chief Representative

Hobby: Board games, Rock climbing, Ghost hunting, Origami, Kabaddi, Mushroom hunting, Gaming

Introduction: My name is Terrell Hackett, I am a gleaming, brainy, courageous, helpful, healthy, cooperative, graceful person who loves writing and wants to share my knowledge and understanding with you.