New TPM 2.0 flaws could let hackers steal cryptographic keys

New vulnerabilities have been reported in TPM 2.0 (Trusted Platform Module) that could give attackers access to cryptographic keys, which are central to secure communication and authentication. A TPM is a hardware component found in many modern computers that provides an isolated environment for cryptographic operations. The vulnerabilities were identified by researchers at the Fraunhofer Institute for Applied and Integrated Security in Germany, who found that flaws in the TPM 2.0 firmware let an attacker steal the private keys kept in the TPM. Because private keys are used to authenticate and encrypt many kinds of communication, including online banking, e-commerce and other sensitive applications, the impact could be significant. The researchers have notified the affected TPM firmware vendors, and fixes are available. Users should update their firmware as soon as possible. In addition to applying the fixes, it is advisable to follow standard practice for securing cryptographic keys: store them in a secure location, use strong passwords, and restrict access to authorized personnel. Regular security assessments and penetration testing can uncover weaknesses in the TPM and other security components so that they can be fixed.

Affected Firmware

The specific firmware versions that are vulnerable vary with the maker and model of the TPM chip. The vulnerabilities were found in particular firmware versions of TPM 2.0, so check with the system or device vendor to find out whether the installed TPM firmware is affected and whether a fix is available.

For instance, fixes are available for the firmware versions affected by the following two issues:

CVE-2023-1017: An out-of-bounds write vulnerability exists in TPM2.0’s Module Library, allowing a 2-byte write past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can cause a denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.

CVE-2023-1018: An out-of-bounds read vulnerability exists in TPM2.0’s Module Library, allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.
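Both descriptions point at the same defect class: a routine that handles a size-prefixed command parameter and touches two bytes past the end of the command buffer, which is what happens when the 2-byte size field is read before checking that the buffer still contains it. The C code below is an added example, not the TCG reference implementation or any vendor's firmware, showing how a bounds-checked reader for a TPM2B-style parameter (2-byte big-endian size followed by the payload) rejects truncated and oversized input before anything is read or written. The result codes, the XOR keystream standing in for the session cipher, and the sample buffers are all constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Result codes for this example (constructed; not the TPM2 TPM_RC_* values). */
enum param_rc { PARAM_OK = 0, PARAM_RC_TRUNCATED = 1, PARAM_RC_OVERSIZE = 2 };

/* Bounds-checked read of the leading TPM2B-style parameter of a command:
 * a 2-byte big-endian size field followed by `size` bytes of payload.
 * `avail` is the number of bytes actually present in the parameter area. */
static enum param_rc read_sized_param(const uint8_t *area, size_t avail,
                                      uint16_t *size_out)
{
    /* The whole 2-byte size field must be present before it is read;
     * skipping this check is what allows a read two bytes past the end. */
    if (avail < 2)
        return PARAM_RC_TRUNCATED;
    uint16_t size = (uint16_t)(((unsigned)area[0] << 8) | area[1]);
    /* The payload must fit in what remains after the size field. */
    if ((size_t)size > avail - 2)
        return PARAM_RC_OVERSIZE;
    *size_out = size;
    return PARAM_OK;
}

/* Decrypt the first parameter in place. A real TPM session uses the
 * negotiated symmetric cipher; a constructed XOR keystream stands in for it
 * here so that the bounds logic, not the cipher, is the point. Nothing is
 * written to the buffer unless both checks pass. */
enum param_rc decrypt_first_param(uint8_t *area, size_t avail,
                                  const uint8_t *keystream, size_t key_len)
{
    uint16_t size;
    enum param_rc rc = read_sized_param(area, avail, &size);
    if (rc != PARAM_OK)
        return rc;
    for (size_t i = 0; i < size; i++)
        area[2 + i] ^= keystream[i % key_len];
    return PARAM_OK;
}

/* Constructed keystream shared by the scenarios below. */
static const uint8_t DEMO_KEY[2] = { 0x5a, 0xa5 };

/* Well-formed parameter: size 3, payload "key" XORed with DEMO_KEY.
 * Returns 1 when decryption succeeds and yields "key". */
int check_wellformed(void)
{
    uint8_t area[] = { 0x00, 0x03, 'k' ^ 0x5a, 'e' ^ 0xa5, 'y' ^ 0x5a };
    if (decrypt_first_param(area, sizeof area, DEMO_KEY, sizeof DEMO_KEY) != PARAM_OK)
        return 0;
    return area[2] == 'k' && area[3] == 'e' && area[4] == 'y';
}

/* Only one byte present: the size field itself is incomplete. */
int check_truncated(void)
{
    uint8_t area[] = { 0x00 };
    return decrypt_first_param(area, sizeof area, DEMO_KEY, sizeof DEMO_KEY)
           == PARAM_RC_TRUNCATED;
}

/* Size field claims 16 bytes but only 2 follow: rejected, buffer untouched. */
int check_oversize(void)
{
    uint8_t area[] = { 0x00, 0x10, 0x01, 0x02 };
    enum param_rc rc = decrypt_first_param(area, sizeof area, DEMO_KEY, sizeof DEMO_KEY);
    return rc == PARAM_RC_OVERSIZE && area[2] == 0x01 && area[3] == 0x02;
}

int main(void)
{
    printf("well-formed: %d\ntruncated: %d\noversize: %d\n",
           check_wellformed(), check_truncated(), check_oversize());
    return 0;
}
```

The important property is that the failure paths return before any byte of the buffer is read or modified, so a malformed command can at worst be rejected, never turned into a read or write outside the command area.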

Detecting the TPM 2.0 flaws

To detect whether a system is vulnerable to the TPM 2.0 flaws that allow attackers to steal cryptographic keys, check whether the installed TPM firmware is one of the affected versions. The vulnerabilities were found in specific TPM 2.0 firmware versions, so updating to a patched firmware version is the critical step in protecting against them.

The National Vulnerability Database (NVD) has assigned CVE IDs to the vulnerabilities, and users can check if their TPM firmware is affected by searching for the CVE IDs:

  • CVE-2023-1017: An out-of-bounds write vulnerability exists in TPM2.0’s Module Library, allowing a 2-byte write past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can cause a denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.
  • CVE-2023-1018: An out-of-bounds read vulnerability exists in TPM2.0’s Module Library, allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.

Users can also check with their system or device vendors to determine if their TPM firmware is affected by the vulnerabilities and if patches are available.
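"Check whether the firmware is affected" in practice means reading the manufacturer and firmware version the TPM reports and comparing them with the versions named in the vendor advisory. On Linux, `tpm2_getcap properties-fixed` from tpm2-tools prints those values as `TPM2_PT_MANUFACTURER`, `TPM2_PT_FIRMWARE_VERSION_1` and `TPM2_PT_FIRMWARE_VERSION_2`. The C program below is an added example, not part of tpm2-tools or any vendor's tooling: it parses that output and compares the version against a table of minimum fixed versions. The sample output and the table entry are constructed placeholders, because the article does not name fixed versions; the major.minor decoding of `TPM2_PT_FIRMWARE_VERSION_1` (high and low 16 bits) is an assumption that holds for some discrete TPMs but is vendor-specific, so confirm it against the advisory before relying on the comparison.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct tpm_fw_info {
    char manufacturer[5];    /* TPM2_PT_MANUFACTURER as text, e.g. "IFX" */
    uint32_t fw_version_1;   /* raw TPM2_PT_FIRMWARE_VERSION_1 */
    uint32_t fw_version_2;   /* raw TPM2_PT_FIRMWARE_VERSION_2 */
};

/* Parse the "NAME:" / "  raw: 0x..." / "  value: \"..\"" layout printed by
 * `tpm2_getcap properties-fixed`. Returns 1 once the manufacturer and both
 * firmware version words have been found. */
int parse_properties_fixed(const char *text, struct tpm_fw_info *out)
{
    size_t len = strlen(text);
    char *copy = malloc(len + 1);            /* strtok needs a writable copy */
    if (!copy)
        return 0;
    memcpy(copy, text, len + 1);
    memset(out, 0, sizeof *out);
    int found = 0;
    char prop[64] = "";
    for (char *line = strtok(copy, "\n"); line; line = strtok(NULL, "\n")) {
        if (line[0] != ' ') {                /* property header line */
            size_t n = strcspn(line, ":");
            if (n >= sizeof prop) n = sizeof prop - 1;
            memcpy(prop, line, n);
            prop[n] = '\0';
            continue;
        }
        const char *p = line;
        while (*p == ' ') p++;
        if (strncmp(p, "raw: ", 5) == 0) {
            uint32_t raw = (uint32_t)strtoul(p + 5, NULL, 0);
            if (strcmp(prop, "TPM2_PT_FIRMWARE_VERSION_1") == 0) { out->fw_version_1 = raw; found |= 1; }
            else if (strcmp(prop, "TPM2_PT_FIRMWARE_VERSION_2") == 0) { out->fw_version_2 = raw; found |= 2; }
        } else if (strncmp(p, "value: \"", 8) == 0 && strcmp(prop, "TPM2_PT_MANUFACTURER") == 0) {
            size_t n = strcspn(p + 8, "\"");
            if (n >= sizeof out->manufacturer) n = sizeof out->manufacturer - 1;
            memcpy(out->manufacturer, p + 8, n);
            out->manufacturer[n] = '\0';
            found |= 4;
        }
    }
    free(copy);
    return found == 7;
}

/* Minimum fixed firmware version per manufacturer. PLACEHOLDER values: the
 * article names no fixed versions, so fill this table from the vendor advisory. */
struct fixed_version { const char *manufacturer; unsigned major, minor; };
static const struct fixed_version FIXED_VERSIONS[] = {
    { "IFX", 7, 99 },   /* PLACEHOLDER, not a real advisory value */
};

/* Returns 1 if the installed firmware is at or above the fixed version,
 * 0 if below, -1 if the manufacturer is not in the table. The major.minor
 * split of TPM2_PT_FIRMWARE_VERSION_1 is an assumption (vendor-specific). */
int firmware_at_or_above_fix(const struct tpm_fw_info *info)
{
    unsigned major = info->fw_version_1 >> 16;
    unsigned minor = info->fw_version_1 & 0xFFFFu;
    for (size_t i = 0; i < sizeof FIXED_VERSIONS / sizeof FIXED_VERSIONS[0]; i++) {
        const struct fixed_version *f = &FIXED_VERSIONS[i];
        if (strcmp(f->manufacturer, info->manufacturer) != 0)
            continue;
        return (major > f->major || (major == f->major && minor >= f->minor)) ? 1 : 0;
    }
    return -1;
}

/* Convenience wrapper: -2 when the output could not be parsed. */
int check_getcap_output(const char *text)
{
    struct tpm_fw_info info;
    if (!parse_properties_fixed(text, &info))
        return -2;
    return firmware_at_or_above_fix(&info);
}

/* Constructed sample of `tpm2_getcap properties-fixed` output; the values
 * are made up for the example, not captured from a real device. */
static const char SAMPLE_OUTPUT[] =
    "TPM2_PT_FAMILY_INDICATOR:\n"
    "  raw: 0x322E3000\n"
    "  value: \"2.0\"\n"
    "TPM2_PT_MANUFACTURER:\n"
    "  raw: 0x49465800\n"
    "  value: \"IFX\"\n"
    "TPM2_PT_FIRMWARE_VERSION_1:\n"
    "  raw: 0x70055\n"
    "TPM2_PT_FIRMWARE_VERSION_2:\n"
    "  raw: 0x1C0000\n";

int main(void)
{
    /* 7.85 is below the placeholder 7.99, so this reports 0 (below fix). */
    printf("firmware status: %d\n", check_getcap_output(SAMPLE_OUTPUT));
    return 0;
}
```

Feed it the real output with `tpm2_getcap properties-fixed | ./tpmcheck` after adapting `main` to read stdin; re-running the same check after the firmware update is the verification step, since the TPM should then report the new version. On Windows the PowerShell cmdlet `Get-Tpm` exposes the same information in its `ManufacturerIdTxt` and `ManufacturerVersion` fields.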

Regular security assessments and penetration testing can also help identify whether a system is vulnerable to the TPM 2.0 flaws or to other security vulnerabilities. Implementing security best practices and regularly updating security components reduces the risk of a cyberattack.

Demonstration

Attacks on TPM flaws can take various forms, depending on the specific vulnerability and the attacker’s goals. In the case of the TPM 2.0 flaws that allow attackers to steal cryptographic keys, attackers can use various techniques to exploit the vulnerabilities and gain access to the private keys stored in the TPM. For example, side-channel attacks target weaknesses in the hardware or firmware of the TPM by analyzing physical characteristics of the device, such as power consumption or electromagnetic radiation, to extract sensitive information. Side-channel attacks can be hard to detect and prevent because they do not involve traditional software exploits. Attackers can also exploit vulnerabilities in the TPM firmware through software; such exploits can allow them to execute arbitrary code on the system, bypass security controls, or gain elevated privileges. Once an attacker has access to the system, they can use the stolen cryptographic keys to impersonate the user, decrypt sensitive data, or launch further attacks.

Remediation

If a TPM 2.0 vulnerability that affects cryptographic keys in pointer format has been identified, remediation typically involves applying a software patch or update provided by the vendor or manufacturer of the TPM. The specific steps vary with the nature and severity of the vulnerability and with the type of system or device affected.

In general, the following steps may be taken to remediate a TPM 2.0 flaw that affects cryptographic keys in pointer format:

  1. Identify the affected systems or devices: Determine which systems or devices are using the vulnerable TPM 2.0 software or hardware.
  2. Obtain the appropriate patch or update: Contact the vendor or manufacturer of the TPM to obtain the appropriate software patch or update that addresses the specific vulnerability.
  3. Apply the patch or update: Apply the software patch or update to the affected systems or devices according to the instructions provided by the vendor or manufacturer.
  4. Test the remediation: Verify that the software patch or update has been successfully applied and that the vulnerability has been mitigated. This may involve performing additional security testing or analysis to confirm that the vulnerability has been fully addressed.
  5. Monitor for future vulnerabilities: Monitor for future vulnerabilities in the TPM 2.0 software or hardware and ensure that appropriate steps are taken to address any new security issues that may arise.

It is also recommended to review and update security policies and procedures to ensure that the use of cryptographic keys in pointer format is properly managed and secured. This may involve implementing additional controls, such as access controls, key management policies, and monitoring and logging of key usage.