Your browser version is outdated. We recommend that you update your browser to the latest version.

SIGN UP to our free eNewsletter

Fields marked with * are required.

DEFSECmedia

DEFSEC Media is New Zealand's defence, security and fire B2B/B2G publishing group. Our leading magazines, Line of DefenceNZ Security and Fire NZ are read by key business, government and military decision makers and influencers. This website is the online home of cutting-edge content from each of our titles.

Innovation Central

Automation & Electronics

Itron

ROCA: Major security flaw in crypto keys discovered

Posted 18/10/2017

According to the latest CERT NZ advisory, a significant flaw in the firmware of a chip used in hardware security tokens has raised issues with the security of millions of encryption keys.

Researchers have identified a vulnerability in the RSA keys that are generated by chips from Infineon Technologies. The vulnerability is being referred to as ROCA (Return of the Coppersmith’s Attack). The keys are weaker than would be expected of keys of the same length, and are vulnerable to factorisation. This means that, given a public key, it would be feasible to re-create the private key.

The chips are generally embedded inside devices of other manufacturers, and are often used in hardware security tokens such as Yubikeys, or Trusted Platform Modules (TPM) in computers.

Read more at: www.cert.govt.nz/it-specialists/advisories/advisory/roca-major-security-flaw-in-crypto-keys-discovered

Share on Social Media

Follow us...

We recommend on YouTube...