
Communications of the ACM

ACM TechNews

HSM Vulnerabilities Impact Banks, Cloud Providers, Governments


A Hardware Security Module.

Ledger researchers have found vulnerabilities that can be exploited remotely to retrieve sensitive data stored inside Hardware Security Modules.

Credit: ZDNet

Researchers at hardware wallet maker Ledger discovered vulnerabilities that can be exploited remotely to retrieve sensitive data stored inside Hardware Security Modules (HSMs).

HSMs are hardware-isolated devices that use advanced cryptography to store, manipulate, and work with sensitive information such as digital keys, passwords, and PINs.

The vulnerabilities allow a remote unauthenticated attacker to take full control of the vendor's HSM.

In addition, the researchers found they could exploit a cryptographic bug in the firmware signature verification to upload modified firmware to the HSM.

"Perhaps the most concerning part of the attack is that the firmware update backdoor is persistent. There could be live HSMs deployed in critical infrastructure now containing similar backdoors," according to researchers at Cryptosense.

From ZDNet

Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA


 
