Home » Cyber Security News » Vulnerabilities in Hardware Security Modules (HSMs) allow attackers to retrieve sensitive data

Vulnerabilities in Hardware Security Modules (HSMs) allow attackers to retrieve sensitive data

  • Several vulnerabilities are detected in the HSM of a major vendor, allowing an attacker to take full control of the vendor’s HSM.
  • The vulnerabilities could allow attackers to retrieve sensitive data stored inside Hardware Security Modules.

Security researchers Gabriel Campana and Jean-Baptiste Bédrune uncovered vulnerabilities that could allow attackers to retrieve sensitive data stored inside Hardware Security Modules.

What is HSM?

Hardware Security Module (HSM) is a hardware isolated device that use advanced cryptography to store sensitive data such as digital keys, passwords, and PINs.

HSMs are widely used in financial institutions, government agencies, data centers, and cloud providers.

More details on the vulnerability

Several vulnerabilities are detected in the HSM of a major vendor, allowing an attacker to take full control of the vendor’s HSM.

Attackers could also exploit a cryptography bug in the firmware signature verification to upload a modified firmware to the HSM that includes a persistent backdoor.

“This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major banks and large cloud service providers. It will demonstrate several attack paths, some of them allowing unauthenticated attackers to take full control of the HSM. The presented attacks allow retrieving all HSM secrets remotely, including cryptographic keys and administrator credentials,” the researchers said.

A translated summary of the vulnerability

As the researchers’ research paper is available only in French, Cryptosense has translated a brief summary of the vulnerability, which read as follows,

  1. “They started by using legitimate SDK access to their test HSM to upload a firmware module that would give them a shell inside the HSM. Note that this SDK access was used to discover the attacks, but is not necessary to exploit them.
  2. They then used the shell to run a fuzzer on the internal implementation of PKCS#11 commands to find reliable, exploitable buffer overflows.
  3. They checked they could exploit these buffer overflows from outside the HSM, i.e. by just calling the PKCS#11 driver from the host machine
  4. They then wrote a payload that would override access control and, via another issue in the HSM, allow them to upload arbitrary (unsigned) firmware. It’s important to note that this backdoor is persistent – a subsequent update will not fix it.
  5. They then wrote a module that would dump all the HSM secrets, and uploaded it to the HSM”.

Vendor releases patches

The researchers notified the HSM maker about the vulnerabilities and the vendor has published firmware updates with security fixes to address the vulnerability.

The researchers did not name the vendor, however, Cryptosense security team noted that the vendor might be Gemalto.

Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 9582 90 7788 | Support Number : +91-9654016484
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket