Vulnerabilities in Hardware Security Modules (HSMs) allow attackers to retrieve sensitive data

  • Several vulnerabilities are detected in the HSM of a major vendor, allowing an attacker to take full control of the vendor’s HSM.
  • The vulnerabilities could allow attackers to retrieve sensitive data stored inside Hardware Security Modules.

Security researchers Gabriel Campana and Jean-Baptiste Bédrune uncovered vulnerabilities that could allow attackers to retrieve sensitive data stored inside Hardware Security Modules.

What is HSM?

Hardware Security Module (HSM) is a hardware isolated device that use advanced cryptography to store sensitive data such as digital keys, passwords, and PINs.

HSMs are widely used in financial institutions, government agencies, data centers, and cloud providers.

More details on the vulnerability

Several vulnerabilities are detected in the HSM of a major vendor, allowing an attacker to take full control of the vendor’s HSM.

Attackers could also exploit a cryptography bug in the firmware signature verification to upload a modified firmware to the HSM that includes a persistent backdoor.

“This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major banks and large cloud service providers. It will demonstrate several attack paths, some of them allowing unauthenticated attackers to take full control of the HSM. The presented attacks allow retrieving all HSM secrets remotely, including cryptographic keys and administrator credentials,” the researchers said.

A translated summary of the vulnerability

As the researchers’ research paper is available only in French, Cryptosense has translated a brief summary of the vulnerability, which read as follows,

  1. “They started by using legitimate SDK access to their test HSM to upload a firmware module that would give them a shell inside the HSM. Note that this SDK access was used to discover the attacks, but is not necessary to exploit them.
  2. They then used the shell to run a fuzzer on the internal implementation of PKCS#11 commands to find reliable, exploitable buffer overflows.
  3. They checked they could exploit these buffer overflows from outside the HSM, i.e. by just calling the PKCS#11 driver from the host machine
  4. They then wrote a payload that would override access control and, via another issue in the HSM, allow them to upload arbitrary (unsigned) firmware. It’s important to note that this backdoor is persistent – a subsequent update will not fix it.
  5. They then wrote a module that would dump all the HSM secrets, and uploaded it to the HSM”.

Vendor releases patches

The researchers notified the HSM maker about the vulnerabilities and the vendor has published firmware updates with security fixes to address the vulnerability.

The researchers did not name the vendor, however, Cryptosense security team noted that the vendor might be Gemalto.