Ledger to Discover HSM Vulnerability

HSM is an external device designed to store public and private keys used to generate digital signatures and to encrypt data, used by banks, exchanges, etc
10 June 2019   1900

A group of researchers from Ledger identified several vulnerabilities in the Hardware Security Module (HSM) devices, which can be used to extract keys or perform a remote attack to replace the firmware of an HSM device. The problem report is currently available only in French, the English-language report is scheduled to be published in August during the Blackhat USA 2019 conference. HSM is a specialized external device designed to store public and private keys used to generate digital signatures and to encrypt data.

HSM allows you to significantly increase protection, as it completely isolates keys from the system and applications, only by providing an API to perform basic cryptographic primitives implemented on the device side. Typically, HSM is used in areas where you need to provide the highest protection, for example, in banks, cryptocurrency exchanges, certification centers for checking and generating certificates and digital signatures.

The proposed attack methods allow an unauthenticated user to gain complete control over the contents of the HSM, including extracting all the cryptographic keys and administrative credentials stored on the device. The problems are caused by a buffer overflow in the internal PKCS # 11 command handler and an error in the implementation of the cryptographic protection of the firmware, which bypasses the firmware check using the PKCS # 1v1.5 digital signature and initiates loading the own firmware in the HSM.

The name of the manufacturer, the HSM devices of which have vulnerabilities, has not yet been disclosed, but it is argued that the problem devices are used by some large banks and cloud service providers. At the same time it is reported that information about the problems was previously sent to the manufacturer and it has already eliminated vulnerabilities in the fresh firmware update. Independent researchers suggest that the problem may be in the devices of the company Gemalto, which in May released an update to Sentinel LDK with the elimination of vulnerabilities, access to information about which is still closed.

Linux 5.5 Kernel to be Released

The new version release took 2 months and it has adopted 15505 patches from 1982 developers and 44% of chages relates to device drivers
27 January 2020   205

After two months of development, Linus Torvalds introduced the Linux 5.5 kernel release. Among the most notable changes: the ability to assign alternative names to network interfaces, the integration of cryptographic functions from the Zinc library, the ability to mirror more than 2 disks in Btrfs RAID1, the mechanism for monitoring the status of Live patches, the kunit unit testing framework, the increased performance of the mac80211 wireless stack, the ability to access to the root partition via the SMB protocol, type verification in BPF.

The new version adopted 15505 patches from 1982 developers, the patch size is 44 MB (the changes affected 11781 files, 609208 lines of code were added, 292520 lines were deleted). About 44% of all the changes presented in 5.5 are related to device drivers, about 18% of changes are related to updating the code specific to hardware architectures, 12% are connected to the network stack, 4% to file systems and 3% to internal kernel subsystems.

As always, new version brought the significant number of changes and improvements, you can check them at the official mainling at the LWM.