Tuesday, October 24, 2017

RSA ROCA Attack CVE-2017-15361

Wapack Labs observed a new variant of the Coppersmith attack against RSA encryption, which impacts a number of vulnerable Google Chromebooks and Windows devices made by Fujitsu, HP, Lenovo, and Microsoft. The attack, called the Return of Coppersmith’s Attack (ROCA), allows an attacker to decrypt cryptographic smartcards, security tokens and other secure hardware chips, like the Trusted Platform Modules (TPMs) used by BitLocker and Windows 10 Secure Boot, with less computational effort than previously thought. With access to only the public key, an attacker can calculate the private key using fewer computational resources than previous attacks required. Updates are already being posted by device manufacturers. Wapack Labs recommends that users of Google Chromebooks and of Google, Fujitsu, HP, Lenovo, and Microsoft devices upgrade their RSA cryptographic libraries (likely a firmware update) as soon as the patches are issued.
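Because the weakness is visible in the public key alone, an inventory of RSA public keys can be screened for it before and after patching. The check below is an added example, not Wapack Labs code; it assumes the key structure described in the public ROCA research (primes of the form k*M + 65537^a mod M), and the function names and sample values are constructed for illustration.

```python
# Added example: screen RSA moduli for the ROCA (CVE-2017-15361) fingerprint.
# Assumption (public ROCA research, not this page): affected primes have the
# form p = k*M + (65537**a mod M), where M is a product of consecutive small
# primes. N = p*q then lies in the subgroup generated by 65537 modulo every
# small prime dividing M, which a randomly generated modulus almost never does.

# Odd primes up to 167; all of them divide M for every affected key size.
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59,
                61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127,
                131, 137, 139, 149, 151, 157, 163, 167]

def generated_subgroup(generator, prime):
    """Return the set {generator**i mod prime : i >= 0}."""
    seen, value = set(), 1
    while value not in seen:
        seen.add(value)
        value = value * generator % prime
    return seen

SUBGROUPS = {p: generated_subgroup(65537, p) for p in SMALL_PRIMES}

def has_roca_fingerprint(modulus):
    """True if the modulus matches the ROCA structure for every small prime.

    Affected keys always match; a match on an unaffected key is very unlikely.
    """
    if modulus <= 0 or modulus % 2 == 0:
        raise ValueError("not a plausible RSA modulus")
    return all(modulus % p in SUBGROUPS[p] for p in SMALL_PRIMES)

def constructed_sample_modulus():
    """Constructed integer with the flawed residue structure (not a real key)."""
    m = 2
    for p in SMALL_PRIMES:
        m *= p
    p_like = 1234567 * m + pow(65537, 1001, m)
    q_like = 7654321 * m + pow(65537, 2002, m)
    return p_like * q_like

if __name__ == "__main__":
    unaffected = (2**127 - 1) * (2**61 - 1)  # constructed: two Mersenne primes
    for name, n in [("constructed-flawed", constructed_sample_modulus()),
                    ("constructed-unaffected", unaffected)]:
        print(name, "FLAGGED" if has_roca_fingerprint(n) else "ok")
```

A flagged key should be regenerated after the firmware update, since updating the library does not change keys that were already generated.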

Wapack Labs has cataloged and reported on cryptographic attacks and vulnerabilities in the past. An archive of related reporting can be found in the Red Sky Alliance portal. 

WWW.WAPACKLABS.COM