I wish I knew more about HSMs… 😦
On Safenet HSM key-extraction vulnerability CVE-2015-5464 (part I)
This series of posts is provides a more in-depth explanation of the key-extraction vulnerability we discovered and reported to Safenet, designated as CVE-2015-5464. […]
How serious is this risk? Cloning requires exactly the same access as working with existing keys in the HSM: for the USB connected Luna G5, that is a USB connection. For the SA7000 as featured in AWS CloudHSM, it can be done remotely over the network. In other words an attacker who compromises a machine authorized to use the HSM, they get this access for free. […]
On Safenet HSM key-extraction vulnerability CVE-2015-5464 (part I)
https://gemini.com/blog/your-bitcoin-wallet-may-be-at-risk-safenet-hsm-key-extraction-vulnerability/
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5464
Firmware Security 