Vulnerabilities in HSM modules that could lead to attacks on encryption keys

A team of researchers from Ledger, a company that makes hardware wallets for cryptocurrency, has disclosed several vulnerabilities in HSM (Hardware Security Module) devices that could be used to extract keys or to carry out a remote attack that replaces the firmware of an HSM device. For now the description of the problem is available only in French; an English-language report is planned for publication in August at the Black Hat USA 2019 conference. An HSM is a specialised external device designed to store the public and private keys used for generating digital signatures and for encrypting data.

An HSM allows security to be raised significantly, since it completely isolates the keys from the system and its applications, exposing only an API for the basic cryptographic primitives implemented on the device side. HSMs are typically used where a high level of security is required, such as in banks, cryptocurrency exchanges, and certificate authorities for verifying and generating certificates and digital signatures.

The proposed attack methods allow an unauthenticated user to gain full control over the contents of the HSM, including extracting all cryptographic keys and administrator credentials stored on the device. The problems are caused by a buffer overflow in the internal PKCS#11 command handler and by an error in the implementation of the cryptographic firmware protection, which makes it possible to bypass the firmware verification based on a PKCS#1 v1.5 digital signature and initiate loading of one's own firmware into the HSM.

As a demonstration, a modified firmware was loaded to which a backdoor had been added; the backdoor remains active even after subsequent installation of standard firmware updates from the manufacturer. It is claimed that the attack can be carried out remotely (the attack vector is not specified, but presumably it involves replacing a downloaded firmware image or passing specially crafted certificates for processing).

The problem was identified during fuzz testing of the internal implementation of the PKCS#11 commands offered by the HSM. The testing was organised by loading the researchers' own module into the HSM using the standard SDK. As a result, a buffer overflow was found in the PKCS#11 implementation, which turned out to be exploitable not only from the HSM's internal environment but also by accessing the PKCS#11 driver from the main operating system of the computer to which the HSM module is connected.

Next, the buffer overflow was used to execute code on the HSM side and to bypass the access parameters. While studying the firmware, another vulnerability was identified that allows new firmware to be loaded without a digital signature. Finally, a custom module was written and loaded into the HSM that dumps all the secrets stored in the HSM.
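The article says the firmware check based on a PKCS#1 v1.5 signature could be bypassed, but not how. The example below is an added illustration from a defender's point of view and is not code from the article, from Ledger or from the HSM vendor: it contrasts a correct EMSA-PKCS1-v1_5 verifier, which rebuilds the whole encoded message and compares every byte, with a hypothetical lax verifier that walks the padding, matches the DigestInfo and hash, and ignores whatever follows. Everything else here is an assumption: a 512-bit toy RSA key generated from a fixed seed, SHA-256 as the hash, and a constructed firmware image. Nothing in it describes the real device's code.

```python
"""Strict versus lax PKCS#1 v1.5 (EMSA-PKCS1-v1_5, RFC 8017) signature checks.

Added illustration only: not code from the article, from Ledger, or from the
HSM vendor. Assumptions (all hypothetical): a 512-bit RSA test key generated
here from a fixed seed, SHA-256 as the hash, and a 'lax' verifier that stops
comparing once it has located the DigestInfo||hash.
"""
import hashlib
import hmac
import random

# DER-encoded DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def _is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin after trial division; good enough for a test key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_key(bits=512, seed=20190000):
    """Deterministic toy RSA key (constructed for this example, not for real use)."""
    rng = random.Random(seed)
    e = 65537

    def prime(b):
        while True:
            cand = rng.getrandbits(b) | (1 << (b - 1)) | 1
            if _is_probable_prime(cand, rng):
                return cand

    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e), pow(e, -1, phi)


def emsa_encode(message, k):
    """EM = 0x00 || 0x01 || PS (0xFF * at least 8) || 0x00 || T, exactly k bytes."""
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    if k < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def _modlen(pub):
    return (pub[0].bit_length() + 7) // 8


def sign(message, pub, d):
    k = _modlen(pub)
    m = int.from_bytes(emsa_encode(message, k), "big")
    return pow(m, d, pub[0]).to_bytes(k, "big")


def _recover_em(sig, pub):
    """RSAVP1: s^e mod n as k bytes, or None for a malformed signature."""
    n, e = pub
    k = _modlen(pub)
    if len(sig) != k:
        return None
    s = int.from_bytes(sig, "big")
    if s >= n:
        return None
    return pow(s, e, n).to_bytes(k, "big")


def verify_strict(message, sig, pub):
    """Correct check: rebuild the expected EM and compare all k bytes."""
    em = _recover_em(sig, pub)
    if em is None:
        return False
    return hmac.compare_digest(em, emsa_encode(message, len(em)))


def verify_lax(message, sig, pub):
    """Hypothetical flawed check: walks the padding, matches T right after
    the 0x00 separator, and never looks at whatever follows T."""
    em = _recover_em(sig, pub)
    if em is None or em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return em[i + 1:i + 1 + len(t)] == t   # trailing bytes are ignored


def short_padding_signature(message, pub, d):
    """Built WITH the private key purely to exercise the verifiers: the EM
    carries minimal padding, the right T, then filler bytes that a strict
    verifier must reject."""
    k = _modlen(pub)
    t = SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * 8 + b"\x00" + t
    em += b"\x5a" * (k - len(em))
    return pow(int.from_bytes(em, "big"), d, pub[0]).to_bytes(k, "big")


if __name__ == "__main__":
    pub, d = generate_key()
    fw = b"constructed firmware image v1"   # constructed sample input
    good, odd = sign(fw, pub, d), short_padding_signature(fw, pub, d)
    print("strict/good:", verify_strict(fw, good, pub))   # True
    print("lax/good:   ", verify_lax(fw, good, pub))       # True
    print("strict/odd: ", verify_strict(fw, odd, pub))    # False
    print("lax/odd:    ", verify_lax(fw, odd, pub))        # True
```

The point for a firmware loader: the only safe PKCS#1 v1.5 verifier is the one that encodes the expected message itself and compares the full modulus-length block, so that padding length, separator and every trailing byte are all bound to the signature. A verifier that merely parses the block accepts encodings the signer never produced, and the same loader should also refuse any image that arrives without a signature at all, which is the second firmware problem the article describes.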

The name of the manufacturer whose HSM devices were found to be vulnerable has not yet been disclosed, but the problematic devices are said to be in use at some large banks and cloud service providers. Information about the problems was reportedly sent to the manufacturer earlier, and it has already fixed the vulnerabilities in the latest firmware update. Independent researchers suggest that the affected devices may be those of Gemalto, which in May released a Sentinel LDK update with vulnerability fixes; access to the details of that update is still restricted.

Source: opennet.ru
