EUCLEAK: More products vulnerable to cloning attack
The EUCLEAK side-channel vulnerability was also known as the "Yubikey cloning attack". The BSI re-certified updated products that were affected.
(Image: Bild erstellt mit KI in Bing Image Creator durch heise online / dmk)
The EUCLEAK security vulnerability, also known as the "Yubikey cloning attack", affects other products. The German Federal Office for Information Security (BSI) certifies security solutions such as TPM chips with associated software, which store data securely, according to so-called Common Criteria. Some solutions certified by the BSI apparently had the EUCLEAK gap and had to be recertified, as they only meet the security criteria with updated software.
The EUCLEAK side-channel vulnerability makes it possible to obtain the secret for digital signatures and thus create and forge digital signatures even without possessing the security token. Shortly after the vulnerability became known, there were fears that some variants of the ePerso could be affected, as Infineon ICs are also used in them. However, the BSI gave the all-clear in mid-September: The Perso is not vulnerable.
Certified TPM and software combinations
Organizations and manufacturers, some also on behalf of the government, rely on the security of such certified product combinations, which they use in their own products such as ID cards. Thomas Roche asked heise online whether other products might have the EUCLEAK vulnerability, which the BSI has certified as a renowned IT security authority. In response to our inquiry, the BSI reported back some time later that a number of TPMs have been recertified that have patched the EUCLEAK vulnerability with updated software.
Videos by heise
Specifically, three new certificates have been issued for TPMs with updated software: BSI-DSZ-CC-1244-2024, BSI-DSZ-CC-1245-2024 and BSI-DSZ-CC-1246-2024. These are Infineon TPM chips of specification 2.0 with specifically newer firmware or software versions. According to a BSI spokesperson, the "analysis and evaluation of products based on Infineon chips and their crypto libraries" is still ongoing. She added that "detailed coordination involving manufacturers, test centers and, if necessary, other external bodies" is required.
We also wanted to know whether and how manufacturers and customers find out about problematic products and whether, for example, updates are possible to close the gap. A BSI spokesperson now explained: "The products with associated certificates for which a security vulnerability could be detected are parts of complex supply chains that do not generally address the end consumer as a customer. Manufacturers who use certified products inform their respective customers, depending on the results of the analyses, about individual update options if necessary. In addition, the BSI has also provided information in accordance with the requirements of the SOG-IS Disclosure Process."
"The deployment scenarios of the end products are very different. Some products can be updated with updates, others may need to be handled in accordance with risk management. The BSI supports these processes as required and in the context of the Coordinated Vulnerability Disclosure Process," added the authority spokesperson.
At the beginning of September, IT security researcher Thomas Roche discussed details of the attacks on the side-channel vulnerabilities in Infineon ICs and certain associated Infineon software libraries in an analysis. An attack requires physical access, expensive equipment, customized software and technical talent, which makes it less likely. Specifically, timing information for non-constant computing time in the calculation of a modular inversion in the ECDSA implementation of the Infineon library can be used to draw conclusions about the secret for the digital signatures. This means that valid signatures can ultimately be created even without a security token.
(dmk)
