Security researchers have discovered a vulnerability that could be exploited to circumvent RSA encryption. The vulnerability exists in the way RSA keys are generated and used by a software library adopted in cryptographic smartcards, security tokens and other secure hardware chips. The vulnerability known as Return of Coppersmith’s Attack (ROCA) allows practical factorization attack in which an attacker computes the private part of an RSA key. The attack is feasible for commonly used key lengths, including 1024 and 2048 bits, and affects chips manufactured as early as 2012, that are now commonplace.
The vulnerability (CVE-2017-15361) infects vulnerable keys found in about 760,000 in products from major vendors including Microsoft, Google, HP, Lenovo, and Fujitsu who have already released software updates and guidelines for a mitigation and is caused by cryptographic chips produced by Infineon Technologies AG, according to an advisory detailing the attack.
Centre for Research on Cryptography
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street