Security researchers Gabriel Campana and Jean-Baptiste Bédrune uncovered vulnerabilities that could allow attackers to retrieve sensitive data stored inside Hardware Security Modules.
What is HSM?
Hardware Security Module (HSM) is a hardware isolated device that use advanced cryptography to store sensitive data such as digital keys, passwords, and PINs.
HSMs are widely used in financial institutions, government agencies, data centers, and cloud providers.
More details on the vulnerability
Several vulnerabilities are detected in the HSM of a major vendor, allowing an attacker to take full control of the vendor's HSM.
Attackers could also exploit a cryptography bug in the firmware signature verification to upload a modified firmware to the HSM that includes a persistent backdoor.
“This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major banks and large cloud service providers. It will demonstrate several attack paths, some of them allowing unauthenticated attackers to take full control of the HSM. The presented attacks allow retrieving all HSM secrets remotely, including cryptographic keys and administrator credentials,” the researchers said.
A translated summary of the vulnerability
As the researchers’ research paper is available only in French, Cryptosense has translated a brief summary of the vulnerability, which read as follows,
Vendor releases patches
The researchers notified the HSM maker about the vulnerabilities and the vendor has published firmware updates with security fixes to address the vulnerability.
The researchers did not name the vendor, however, Cryptosense security team noted that the vendor might be Gemalto.