||| Ars Technica |||
The security of millions of encryption keys has been undermined by a flaw in a widely used code library. The factorization weakness allows attackers to impersonate key holders, decrypt their data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen computers.
The flaw has existed for five years, and it is especially troubling because it's located in code that complies with two international security certification standards that are binding on many governments and companies around the globe.
German chipmaker Infineon developed the code library, and it has been generating weak keys since 2012. The Estonian government indirectly referred to the flaw last month when it warned that 750,000 digital IDs issued since 2014 were vulnerable to attack.
Estonian officials revealed that they were closing the ID card public key database to prevent abuse. Further warnings were issued last week by Google, Microsoft, and Infineon. All of them warned that the weakness can impair the protections built into TPM products, which are ironically designed to give an additional measure of security to highly targeted individuals and organizations.
"In public key cryptography, a fundamental property is that public keys really are public—you can give them to anyone without any impact on security," said Graham Steel, CEO of encryption consultancy Cryptosense, adding that this flaw breaks that property.
This means that if you hold a document digitally signed with someone's private key, you can no longer prove that they really signed it. Likewise, if you sent sensitive data encrypted with someone's public key, you can no longer be sure that only they can read it.
One of the researchers who discovered the faulty library also warned that the flaw has, or at least had, the potential to create problems for elections in countries where the vulnerable cards are used.
Although actual voter fraud would be hard to carry out, the mere possibility is troubling because it feeds conspiracy theories and fake news.
The discovery is the subject of a research paper titled "The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli," which is expected to be presented on November 2 at the ACM Conference on Computer and Communications Security.
The flaw was discovered by Slovak and Czech researchers from Masaryk University in the Czech Republic, Enigma Bridge in Cambridge, UK, and Ca' Foscari University in Italy. The paper describing the factorization method is not being published until it is presented at the conference.
The flaw resides in the Infineon-developed RSA Library version v1.02.013. This library allows people to generate keys with smartcards rather than with general-purpose computers, which are easier to infect with malware and hence aren't suitable for high-security uses.