[German]A newly discovered vulnerability makes it possible to steal ECDSA signature keys by timing attack from the supposedly secure memory area of TPM chips (Intel fTPM 2.0, STMicroelectronics ST33-TPM).
The vulnerabilities became public a few hours ago. Security researchers have identified vulnerabilities in certified Trusted Platform Modules (TPMs) from Intel and STMicroelectronics.
— NCSbyNCSV (@NCSbyHTCS) November 14, 2019
The vulnerabilities exist in the certified Intel firmware-based TPM (fTPM) and in the certified TPM chips from STMicroelectronics. Hackers can use the vulnerabilities to steal cryptographic keys stored on these TPM chips in supposedly secure storage areas.
TPM at a glance
The Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. TPM is propagated by Intel and Microsoft as a basis of trust for the operating system of a device. TPM is designed to protect security keys from threats such as malware and rootkits. Most notebooks today have a TPM module that can be used by Windows to securely store keys, including Bitlocker keys.
TPM can also be a firmware-based solution (fTPM) running on separate 32-bit microcontrollers within a CPU. This is the case with Intel processors from the Haswell generation onwards (2013).
Security researchers have discovered timing leaks on Intel firmware-based TPM (fTPM) and on the STMicroelectronics TPM chip. The problem: The solutions have execution time dependencies for generating cryptographic signatures that depend on the keys.
The keys should actually be stored securely in the TPM hardware. However, security researchers have succeeded in restoring private keys from digital signature schemes based on elliptic curves.
On the website TPM-FAIL the security researchers disclose the findings on the discovered vulnerabilities and attack scenarios. An attacker can use these vulnerabilities to stand private signature keys used for signature generation. Compromised signature keys can be used to forge signatures. This can be used to bypass authentication, manipulate the operating system, etc.
The vulnerability is likely to affect all desktop, laptop and server workstations from different vendors such as Dell, Lenovo, HP, etc. if they use one of these affected TPM products. Here it is necessary to ask the OEM if their systems are affected by TPM-FAIL
Addendum: Microsoft has published a Security Advisory ADV190024. According to Microsoft the important confidentiality protection for a particular algorithm (ECDSA) is weakened. Microsoft writes that it is a TPM firmware vulnerability and not a vulnerability in the Windows operating system or a particular application. Currently, no Windows systems use the vulnerable algorithm. Bitlocker should therefore not be affected, but third-party software may be able to use ECDSA.
The case shows that all the great mechanisms Intel, Microsoft and Co. propagate to improve security simply can’t keep what they promise (but are always good for trouble).
In terms of practical exploitability, security researchers write that an attacker who runs a malicious program locally can recover the Intel fTPM ECDSA key in 4-20 minutes (depending on the access level). The researchers have even shown that these attacks can be carried out remotely on fast networks by restoring the authentication key of a Virtual Private Network (VPN) server in 5 hours.
Intel has updated its fTPM firmware to fix the reported vulnerabilities. However, German site heise writes in this article, that firmware updates are still missing for some components, although the vulnerabilities were discovered some time ago. Chip-based solutions are even more difficult to handle. STMicroelectronics has released a new TPM chip that is resistant to TPM-FAIL. But this is of no use for existing systems, where a TPM chip is soldered with the respective vulnerability. I don’t know, if this can overcome with a firmware-update. More details may be found at TPM-FAIL and at Bleeping Computer for instance.
Windows 10 V1903 Bitlocker issue: TPM 2.0 drops error 10
Microsoft Intune 1905 requires TPM chip for Windows 10
Surface Pro 3: Vulnerability in TPM chip–update required!
Security: TPM vulnerable; and dump mode for Intel ME
Apple: Ups, forgot to lock Intel ME on it’s notebooks
Warning against Intel Extreme Tuning Utility (XTU) V126.96.36.199
Intel: No Microcode Updates for some older CPUs