Security researchers Daniel Moghimi and Berk Sunar (both pictured below), from the Worcester Polytechnic Institute (WPI), worked with Thomas Eisenbarth from the University of Lübeck and Nadia Heninger from the University of California San Diego to identify two critical vulnerabilities in billions of devices used today.
They dubbed the attack TPM-Fail, and claimed it would potentially affect billions of laptop, server, tablet, and desktop users around the world.
Worcester Polytechnic Institute security researchers Berk Sunar (left) and Daniel Moghimi (right) have discovered security vulnerabilities in computer chips made by Intel Corp and STMicroelectronics. Image Credit: Worcester Polytechnic Institute.
The newly-discovered flaws would have (if they continued to go undetected), allowed hackers to use the Trusted Platform Module (TPM) of the affected systems to forge digital signatures and tamper with the respective operating systems in various ways.
TPMs are essentially microcontrollers that can securely store pieces of data used to authenticate the platform of the device in question. These can be passwords, certificates, or encryption keys. Authentication and attestation (a process designed to prove that a system has not been breached), are necessary steps to ensure secure computing environments.
The vast majority of laptop and desktop devices today either have a dedicated TPM chip, or the Intel firmware-based Trusted Platform Module (fTPM), which runs on a separate microprocessor inside the CPU.
The trusted components of a Trusted Platform Module include the platform configuration registers, crypto engine, and random number generator. Other hardware components, system software and applications are considered untrusted. Image Credit: TPM-Fail.
Going back to the specific flaw discovered by WPI researchers, the TPM-Fail would be related to the fact that both Intel fTPM and the STMicroelectronics ST33 chips show secret-dependent execution times during cryptographic signature generation.
Normally, during this process the key would remain safely inside the TPM hardware, but in these two chips the flaw would allow an attacker to recover 256-bit private keys from digital signature schemes based on elliptic curves.
What’s more, the latest research shows that these attacks are extremely practical for hackers: a local adversary is able to recover the ECDSA key from Intel fTPM in 4 to 20 minutes depending on the access level.
In fact, when performed remotely on fast networks, these attackers could recover the very authentication key of a virtual private network (aka VPN) server in a matter of hours.
It goes without saying then that, with billions of devices that are using these chips, TPM-Fail could have caused serious damage, if it had gone undetected for longer.
“If hackers had taken advantage of these flaws, the most fundamental security services inside the operating system would have been compromised,” said Sunar, professor of electrical and computer engineering and leader of WPI’s Vernam Lab. “This chip is meant to be the root of trust. If a hacker gains control of that, they’ve got the keys to the castle.”
User-Level Adversary and Remote User Datagram Protocol Attack: a graph that represents key recovery success probabilities by lattice dimension for 4-bit and 8-bit cases for Elliptic Curve Digital Signature Algorithm.—with timings collected from the user space in one scenario, and over the network from a remote client in another scenario. Image Credit: TPM-Fail.
Luckily, following the WPI study, the manufacturers patched the vulnerabilities, and both chips should now be safe to use.
“We provided our analysis tools and results to Intel and STMicroelectronics and both companies worked with us to create a patch or make sure a security patch will be provided for the next generation of these devices,” explained Moghimi, a PhD in WPI’s Electrical and Computer Engineering department.
“STMicroelectronics developed a new ST33 chip with vulnerability countermeasures in the firmware,” Moghimi added. “We verified the new chip. It is not vulnerable to TPM-Fail.”
The researchers said they will present a paper with the findings and how the vulnerabilities might have been exploited in practice at both the Real World Crypto Symposium in New York City in January 2020, and at the 29th USENIX Security Symposium in Boston in August 2020.