Vulnerabilities in HSMs that could lead to an attack on encryption keys

A group of researchers from Ledger, a company that produces hardware wallets for cryptocurrency, has disclosed several vulnerabilities in HSM (Hardware Security Module) devices that can be used to extract keys or to carry out a remote attack that replaces the firmware of an HSM device. At the moment the report is available only in French; an English-language presentation is planned for August at the Black Hat USA 2019 conference. An HSM is a specialized external device designed to store public and private keys used to generate digital signatures and encrypt data.

An HSM significantly increases protection because it completely isolates the keys from the system and applications, exposing only an API for executing basic cryptographic primitives implemented on the device side. HSMs are typically used where the highest level of security is required, such as banks, cryptocurrency exchanges, and certificate authorities that verify and generate certificates and digital signatures.

The proposed attack methods allow an unauthenticated user to gain full control over the contents of the HSM, including extracting all cryptographic keys and administrator credentials stored on the device. The problems are caused by a buffer overflow in the internal PKCS#11 command handler and by an error in the implementation of the cryptographic protection of the firmware, which allows the PKCS#1 v1.5 digital-signature check of the firmware to be bypassed and the attacker's own firmware to be loaded into the HSM.

As a demonstration, modified firmware containing a backdoor was loaded; the backdoor remains active after subsequent installation of regular firmware updates from the manufacturer. The attack is claimed to be feasible remotely (the attack method is not specified, but it probably means substituting the downloaded firmware or submitting specially crafted certificates for processing).

The problem was identified while fuzz testing the internal implementation of the PKCS#11 commands offered by the HSM. The testing was set up by loading the researchers' own module into the HSM using the standard SDK. As a result, a buffer overflow was found in the PKCS#11 implementation, which turned out to be exploitable not only from the HSM's internal environment, but also by accessing the PKCS#11 driver from the main operating system of the computer to which the HSM is connected.
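The vulnerable handler itself is not disclosed on this page, so the following is an added example (not the vendor's or the researchers' code) of the defensive pattern for a command handler that receives PKCS#11-style attribute templates from the host: every host-supplied count and length is validated before it is used as an index or copy size. The wire format, `parse_template`, `struct attr`, the limits and the sample messages are all assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical wire format, constructed for this example (not the vendor's):
 * u8 count, then per attribute: u32 type, u16 len (both big-endian), value. */
#define MAX_ATTRS     8
#define MAX_VALUE_LEN 16
struct attr { uint32_t type; uint16_t len; uint8_t value[MAX_VALUE_LEN]; };
enum { ERR_TRUNCATED = -1, ERR_TOO_MANY = -2,
       ERR_VALUE_TOO_LONG = -3, ERR_TRAILING = -4 };

/* Parse an untrusted template; returns the attribute count or a negative error. */
int parse_template(const uint8_t *msg, size_t msg_len, struct attr out[MAX_ATTRS])
{
    size_t off = 0;
    if (msg_len < 1) return ERR_TRUNCATED;
    size_t count = msg[off++];
    if (count > MAX_ATTRS) return ERR_TOO_MANY;             /* bounds the index */
    for (size_t i = 0; i < count; i++) {
        if (msg_len - off < 6) return ERR_TRUNCATED;        /* header present? */
        uint32_t type = ((uint32_t)msg[off] << 24) | ((uint32_t)msg[off + 1] << 16) |
                        ((uint32_t)msg[off + 2] << 8) | (uint32_t)msg[off + 3];
        uint16_t len = (uint16_t)(((unsigned)msg[off + 4] << 8) | msg[off + 5]);
        off += 6;
        if (len > MAX_VALUE_LEN) return ERR_VALUE_TOO_LONG; /* fits destination */
        if (msg_len - off < len) return ERR_TRUNCATED;      /* fits source */
        out[i].type = type; out[i].len = len;
        memcpy(out[i].value, msg + off, len);
        off += len;
    }
    if (off != msg_len) return ERR_TRAILING;                /* no unparsed bytes */
    return (int)count;
}

/* Constructed samples: one valid attribute; one whose declared length (0x0100)
 * exceeds both the message and the destination buffer. */
static const uint8_t SAMPLE_OK[]  = { 1, 0,0,0,3, 0,2, 'h','i' };
static const uint8_t SAMPLE_BAD[] = { 1, 0,0,0,3, 1,0, 'h','i' };

int check(const uint8_t *msg, size_t len)   /* parse into scratch storage */
{
    struct attr attrs[MAX_ATTRS];
    return parse_template(msg, len, attrs);
}
int main(void)
{
    return (check(SAMPLE_OK, sizeof SAMPLE_OK) == 1 &&
            check(SAMPLE_BAD, sizeof SAMPLE_BAD) == ERR_VALUE_TOO_LONG) ? 0 : 1;
}
```

A parser shaped like this is also a convenient fuzzing target, since it takes a byte buffer and a length and has no other inputs.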

Next, the buffer overflow was exploited to execute code on the HSM side and override access parameters. While studying the device's internals, the researchers identified another vulnerability that allows new firmware to be loaded without a digital signature. Ultimately, a custom module was written and loaded into the HSM, which dumps all the secrets stored in the HSM.

The name of the manufacturer whose HSM devices are affected has not yet been disclosed, but it is claimed that the vulnerable devices are used by some large banks and cloud service providers. At the same time, it is reported that information about the problems was previously sent to the manufacturer, which has already fixed the vulnerabilities in the latest firmware update. Independent researchers suggest that the problem may be in devices from Gemalto, which in May released a Sentinel LDK update fixing vulnerabilities whose details are still not public.

Source: opennet.ru
