Flaws in Intel, STMicroelectronics chips risk billions of devices
Washington, Nov 13
An international team of researchers has discovered serious security vulnerabilities in computer chips made by chip giant Intel and Geneva-based semiconductor manufacturer STMicroelectronics that have affected billions of laptop, server, tablet and desktop users globally.
The two vulnerabilities, which have now been addressed, would have allowed hackers to employ timing side-channel attacks to steal cryptographic keys that are supposed to remain safely inside the chips.
The recovered keys could be used to compromise a computer's operating system, forge digital signatures on documents, and steal or alter encrypted information.
The flaws are located in TPMs, or trusted platform modules, which are specialized, tamper-resistant chips that computer manufacturers have been deploying in nearly all laptops, smartphones and tablets for the past 10 years.
"If hackers had taken advantage of these flaws, the most fundamental security services inside the operating system would have been compromised," said Berk Sunar, professor of electrical and computer engineering and leader of Vernam Lab at Worcester Polytechnic Institute in Massachusetts.
"This chip is meant to be the root of trust. If a hacker gains control of that, they've got the keys to the castle," Sunar warned.
Following an international security standard, TPMs are used to secure encryption keys for hardware authentication and cryptographic keys, including signature keys and smart card certificates.
Pushing the security down to the hardware level offers more protection than a software-only solution and is required by some core security services.
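As an added, constructed illustration of the class of weakness the article describes (not the researchers' tooling or either vendor's firmware): a square-and-multiply loop whose amount of work depends on the secret exponent, beside a fixed-iteration version, and a leakage check a defender can run over an implementation to flag secret-dependent work before it ships. WIDTH, THRESHOLD, the modulus and the two secret classes are assumptions made here.

```python
import math
import random
import statistics

WIDTH = 256        # constructed: bit width of the secret exponent/nonce
THRESHOLD = 4.5    # |t| above this counts as a leak (TVLA convention)

def leaky_modpow(base, exp, mod):
    # Stops at the top set bit: work reveals how many leading zero bits
    # the secret has (and its Hamming weight), the shape of a timing leak.
    result, ops = 1, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod
        ops += 1
        if bit == "1":
            result = result * base % mod
            ops += 1
    return result, ops

def constant_modpow(base, exp, mod):
    # Always walks WIDTH bits and always multiplies; the outcome is chosen
    # arithmetically rather than by a secret-dependent branch.
    result, ops = 1, 0
    for i in range(WIDTH - 1, -1, -1):
        result = result * result % mod
        bit = (exp >> i) & 1
        mult = result * base % mod
        result = (mult * bit + result * (1 - bit)) % mod
        ops += 2
    return result, ops

def welch_t(xs, ys):
    # Welch's t statistic; 0.0 when both classes are perfectly constant.
    denom = math.sqrt(statistics.pvariance(xs) / len(xs)
                      + statistics.pvariance(ys) / len(ys))
    return 0.0 if denom == 0 else (statistics.fmean(xs) - statistics.fmean(ys)) / denom

def leaks(modpow, n=200, seed=1):
    # Class A: top bit set. Class B: top 8 bits zero. Operations are
    # counted instead of timed so the check is deterministic.
    rng = random.Random(seed)
    mod = (1 << 255) - 19                      # constructed odd modulus
    full = [rng.getrandbits(WIDTH) | (1 << (WIDTH - 1)) for _ in range(n)]
    short = [rng.getrandbits(WIDTH - 8) for _ in range(n)]
    xs = [modpow(3, e, mod)[1] for e in full]
    ys = [modpow(3, e, mod)[1] for e in short]
    return abs(welch_t(xs, ys)) > THRESHOLD
```

On real hardware the operation counts would be replaced by cycle or wall-clock measurements of the signing call, and the same statistic applies.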
WPI security researchers Sunar and Daniel Moghimi led an international team of researchers that discovered these two serious security vulnerabilities.
One of the flaws the WPI team discovered is in Intel's TPM firmware, or fTPM--software that runs in the Security and Management Engine in processors the company has produced since it launched its Haswell processor in 2013.
Haswell CPUs are used in the popular Core i3, i5, and i7 family of processors.
The second flaw is in STMicroelectronics' TPM.
Notably, the STMicroelectronics vulnerability is in a chip that has received a strong industry-recognized security certification from "Common Criteria" -- a widely acknowledged security stamp of approval based on international specifications designed to ensure technology meets the high security standards preferred in industrial and government deployments.
The WPI researchers worked with Thomas Eisenbarth, a professor of IT security at the University of Lübeck in Germany, and Nadia Heninger from the University of California, San Diego.
Once discovered, the flaws were reported to the chipmakers by the WPI researchers, who also have described the flaws in a paper to be presented at the "29th USENIX Security Symposium" in Boston next August.
"We provided our analysis tools and results to Intel and STMicroelectronics and both companies worked with us to create a patch or make sure a security patch will be provided for the next generation of these devices," said Moghimi.
Moghimi explained that if hackers gained access to the Intel software, they could forge digital signatures, enabling them to alter, delete, or steal information.
The STMicroelectronics TPM in which the team found the second flaw is based on the company's popular ST33 chip.
The chipmaker announced earlier this year that more than 1 billion ST33 chips have been sold.