acm-header
Sign In

Communications of the ACM

Home/News/HSM Vulnerabilities Impact Banks, Cloud Providers,.../Full Text
ACM TechNews

HSM Vulnerabilities Impact Banks, Cloud Providers, Governments

By ZDNet
June 18, 2019
Comments
View as: Print Mobile App Share:
A Hardware Security Module.

Ledger researchers have found vulnerabilities that can be exploited remotely to retrieve sensitive data stored inside Hardware Security Modules.

Credit: ZDnet

Researchers at hardware wallet maker Ledger discovered vulnerabilities that can be exploited remotely to retrieve sensitive data stored inside Hardware Security Modules (HSMs).

HSMs are hardware-isolated devices that used advanced cryptography to store, manipulate, and work with sensitive information such as digital keys, passwords, and PINs.

The vulnerabilities allow a remote unauthenticated attacker to take full control of the vendor's HSM.

In addition, the researchers found they could exploit a cryptographic bug in the firmware signature verification to upload a modified firmware to the HSM.

"Perhaps the most concerning part of the attack is that the firmware update backdoor is persistent. There could be live HSMs deployed in critical infrastructure now containing similar backdoors," according to researchers at Cryptosense.

From ZDNet
View Full Article

 

Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA

 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account