more on Infineon TPM issue (ROCA)

http://blog.ptsecurity.com/2017/10/a-major-flaw-in-popular-encryption.html

ROCA: Vulnerable RSA generation (CVE-2017-15361)

A newly discovered vulnerability in generation of RSA keys used by a software library adopted in cryptographic smartcards, security tokens and other secure hardware chips manufactured by Infineon Technologies AG allows for a practical factorization attack, in which the attacker computes the private part of an RSA key. The attack is feasible for commonly used key lengths, including 1024 and 2048 bits, and affects chips manufactured as early as 2012, that are now commonplace. Assess your keys now with the provided offline and online detection tools and contact your vendor if you are affected. Major vendors including Microsoft, Google, HP, Lenovo, Fujitsu already released the software updates and guidelines for a mitigation. Full details including the factorization method will be released in 2 weeks at the ACM CCS conference as ‘The Return of Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli’ (ROCA) research paper.

https://crocs.fi.muni.cz/public/papers/rsa_ccs17
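The detection tools mentioned above need only the public modulus. As an added example (not the ROCA authors' tool and not code from this post), the code below applies the fingerprint idea from the ROCA paper: for an affected key, the modulus reduced by each small prime always lands in the subgroup generated by 65537. The prime list, the function names and both sample moduli are assumptions constructed for the example.

```python
GENERATOR = 65537

def odd_primes_up_to(limit):
    """Odd primes <= limit, by trial division (fine for a tiny limit)."""
    return [n for n in range(3, limit + 1, 2)
            if all(n % d for d in range(3, int(n ** 0.5) + 1, 2))]

# Assumption: the 38 odd primes up to 167 are the set tested in this example.
SMALL_PRIMES = odd_primes_up_to(167)

def subgroup(p):
    """Residues that are powers of 65537 modulo the prime p."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = x * GENERATOR % p
    return seen

ALLOWED = {p: subgroup(p) for p in SMALL_PRIMES}

def failing_primes(n):
    """Small primes for which n falls outside the 65537-generated subgroup."""
    return [p for p in SMALL_PRIMES if n % p not in ALLOWED[p]]

def has_roca_fingerprint(n):
    """True when every residue test passes: treat the key as affected."""
    return not failing_primes(n)

def constructed_structured_modulus():
    """Constructed input: two factors of the form k*M + (65537^a mod M).
    The factors are not tested for primality; only the residues matter here."""
    m = 2
    for p in SMALL_PRIMES:
        m *= p
    f1 = 1000003 * m + pow(GENERATOR, 12345, m)
    f2 = 1000033 * m + pow(GENERATOR, 67890, m)
    return f1 * f2

# Constructed input without the structure: product of two Mersenne primes.
UNSTRUCTURED = (2**127 - 1) * (2**89 - 1)

if __name__ == "__main__":
    for name, n in [("structured", constructed_structured_modulus()),
                    ("unstructured", UNSTRUCTURED)]:
        print(name, has_roca_fingerprint(n), failing_primes(n)[:5])
```

To check a real key, pass its modulus as an integer, for instance the hex value printed by `openssl rsa -pubin -in key.pem -modulus -noout`.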

 

Intel IPP crypto has RSA private key side-channel attack

https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00060&languageid=en-fr

Intel has found an RSA private key vulnerability in their Intel Integrated Performance Primitives (Intel IPP).

A vulnerability in Intel Integrated Performance Primitives (IPP) Cryptography allows local users to recover the RSA private key via a potential side-channel.
Intel ID: INTEL-SA-00060
Product family: The cryptography (CP) domain in Intel® Integrated Performance Primitives (Intel® IPP)
Impact of vulnerability: Information Disclosure
Severity rating: Important
Original release: Oct 04, 2016

The cryptography (CP) domain in Intel’s newest version of Intel® Integrated Performance Primitives (Intel® IPP) v2017 has been enhanced to improve its security and customers are strongly urged to update to this release. A potential side-channel vulnerability was identified in the Intel® Integrated Performance Primitives Cryptography which is bundled with Intel® IPP. The vulnerability allows an attacker to potentially recover enough information to retrieve an RSA private key. The root cause of the issue has been identified and mitigated in the latest release of IPP Cryptography. The CVSSv3 severity rating for this issue is 7.1 (High). Intel has developed an update to the Intel® IPP Cryptography software and is making it available to customers. The mitigated versions are Intel® IPP Cryptography 2017 and 9.0.4. Users with licensed versions of IPP Cryptography can obtain the mitigated versions at this URL: <https://registrationcenter.intel.com/en/>. Intel strongly recommends customers impacted by this issue to upgrade to the latest version listed in the table above. […]

Absolute Joins the RSA Ready Technology Partnership Program

Yesterday, Absolute announced that they’ve joined the RSA Ready Technology Partnership Program.

“Absolute announced today a new collaboration with RSA to offer enhanced endpoint data collection and remediation. As part of the RSA Ready Technology Partnership program, this effort is designed to deliver seamless interoperability between Absolute and RSA Security Analytics, an industry leading advanced threat detection and forensics platform. Using the Absolute SIEM connector, mutual customers can now get deeper visibility into their endpoint deployments by feeding vital Absolute endpoint data directly into the RSA Security Analytics monitoring platform.  If an endpoint security alert is triggered, customers will be able to promptly investigate and respond to potential threats within the broader context of the RSA Security Analytics environment. Customers will also be able to correlate logs, packets, NetFlow, and endpoint data, all within the same platform.”

“Absolute’s Persistence(R) technology is embedded into the core of most devices at the factory. Once activated, it provides organizations with comprehensive visibility into all of their devices so they can confidently manage mobility, investigate potential threats, and take action if a security incident occurs. Most importantly, they can apply remote security measures to protect each device and the data it contains.”

See the full announcement for more details:

http://blogs.absolute.com/blog/absolute-joins-the-rsa-ready-technology-partnership-program/

Absolute’s CompuTrace is a unique security tool for firmware: its device is embedded into many (most?) modern systems, and the device checks if software support is disabled in the firmware and, if so, re-enables it.

“Absolute Data & Device Security (DDS), formerly Absolute Computrace, is an adaptive endpoint security solution. It provides you with a persistent connection to all of your endpoints and the data they contain.”

“Our OEM partners embed Persistence technology into the BIOS or firmware of computers, netbooks, tablets, and smartphones during the manufacturing process. Once activated, customers who purchase these devices benefit from an extra level of security, persistence, and support.”

“Persistence technology from Absolute provides you with visibility and control over all of your devices, regardless of user or location. If an Absolute software client is removed from an endpoint, it will automatically reinstall so you can secure each device and the sensitive data it contains. No other technology can do this. Persistence technology is built into tens of millions of devices around the world and provides organizations with a trusted lifeline to each device in their deployment, regardless of user or location.”

You can use UEFITool to see if Absolute is in your firmware by searching for the “computrace” Unicode string.
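The same check can be scripted against a raw firmware dump. This is an added example, not part of UEFITool or the original post: it looks for the “computrace” marker as UTF-16LE (what firmware tools call Unicode) and as ASCII, case-insensitively, and reports offsets. The function names and sample bytes are constructed. A raw scan only sees uncompressed regions, whereas UEFITool searches the parsed and decompressed image, so a miss here is not conclusive.

```python
import sys

MARKER = "computrace"   # the string the text says to search for
ENCODINGS = {"utf-16-le": "Unicode (UTF-16LE)", "ascii": "ASCII"}

def find_marker(image: bytes, marker: str = MARKER):
    """Return sorted (offset, label, text_as_stored) for each case-insensitive hit."""
    folded = image.lower()          # bytes.lower() folds ASCII letters only
    hits = []
    for codec, label in ENCODINGS.items():
        needle = marker.lower().encode(codec)
        pos = folded.find(needle)
        while pos != -1:
            # Decode from the original bytes so the stored casing is shown.
            stored = image[pos:pos + len(needle)].decode(codec)
            hits.append((pos, label, stored))
            pos = folded.find(needle, pos + 1)
    return sorted(hits)

def constructed_image() -> bytes:
    """Constructed sample bytes, not a real firmware dump."""
    return (b"\xff" * 64 + "Computrace Agent".encode("utf-16-le")
            + b"\x00" * 32 + b"COMPUTRACE" + b"\xff" * 16)

if __name__ == "__main__":
    # Usage: python scan.py firmware.bin  (no argument scans the constructed sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_image()
    for offset, label, stored in find_marker(data):
        print(f"0x{offset:08x}  {label:<18}  {stored!r}")
```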

http://www.absolute.com/en/partners/compatibility
http://www.absolute.com/en/products/dds
https://lojack.absolute.com/en-gb/corporate/bios-compatibility
http://www.absolute.com/en/products/dds/requirements