Gemalto IDPrime.Net is not the first and will probably not be the last smart card that has a serious vulnerability to ROCA.
We all know what smartcards do.
Thousands of large corporations and banks use smart cards in the millions.
And they have done so for the past decade or so.
Here is the real problem with smartcards though:
Even though so many banks and large corporations use them, they still have a vulnerability.
This vulnerability is specifically against cryptographic attacks.
As we all know, cryptographic attacks can be crippling for smart cards.
What does this vulnerability do anyway?
It basically enables hackers to compromise, in other words bypass, any and almost all protections that a smart card may have on it.
This wide range of online protections include,
- Two-factor authentication
- Data encryption
Now researchers have discovered a new vulnerability.
This vulnerability is more special than the ones researchers discovered before.
Just last week researchers revealed the new critical vulnerability which allowed hackers to do much more than before.
The new vulnerability enables hackers to take a vulnerable key and derive its private portion.
And to do so, they need nothing more than the vulnerable key’s corresponding public portion.
This can allow hackers to bypass many security measures.
Sometimes researchers call this attack as factorization attack.
And hackers have become so adept at it that they can carry out one within a matter of minutes.
And sometimes days, depending on the circumstances.
What about the price?
Well, that varies as well.
The price can go from nothing to several thousand dollars.
If the key size is big enough, and the computer that the hacker uses is sophisticated enough, then hackers can earn around $20,000 per factorization attack.
Where does this vulnerability come from?
According to most reports, this new vulnerability basically stems from Infineon.
What is Infineon you may ask?
It is basically a library that developers widely deploy.
Infineon is the German chipmakers that developed this library.
Infineon also sells its software and hardware to other third-party device and smart card manufacturers.
Researchers have now confirmed the defect though.
They have also shown that the vulnerability has indeed affected the first line of smart cards.
More specifically, Gemalto IDPrime.NET smartcards.
What are these Gemalto IDPrime.Net smartcards?
Well, these are just smart cards.
They became available for the public to buy at the start of 2004r.
Axalto, is a well-known predecessor of Gemalto.
We also know that, via an Axalto official announcement, that Microsoft employees had used these cards for a long time.
Axalto previously announced that Microsoft employees indeed used these smart cards to secure their access to the company’s network.
These smartcards also provided Microsoft employees with two-factor authentication.
All Microsoft employees around the world could take advantage of these smart cards.
Now, no one really knows how long people have used these smartcards for.
But the most accurate figure seems to be 12 years.
During these 12 years, the company (Gemalto, which is based in Netherlands) has managed to ship a ton of these smart cards.
Some estimates say that the company has shipped millions of these smart cards.
Other estimates say that the company may have shipped hundreds of millions of these smart cards.
As far as the company itself goes, Gemalto, stopped selling these smartcards back in September.
We’ll get to that later.
From Gemalto’s perspective, the company has said that it would pledge to support these smartcards for another 24-48 months after the announcement.
But the actual period would depend on how customers use these smart cards.
Now, we just mentioned that Gemalto had stopped selling these smart cards.
That doesn’t mean you can’t buy them.
Because even though Gemalto has stopped selling them, third-party distributors have not.
They continue to sell these smartcards via online methods.
When Ars Technica tried to get in touch with Gemalto, a company representative referred them to an official company advisory.
The advisory said that Gemalto had carried out some investigation of its own.
And consequently had determined that the new vulnerability may have affected End-of_sale IDPrime.NET smartcards and other products.
Cryptographic experts say something else though.
They say that there is no doubt that the line of smart cards from Gemalto had the new vulnerability.
In other words, the new vulnerability affected all Gemalto smart cards.
The CEO of Enigma Bridge, Dan Cvrcek, said that he had examined about 11 of these IDPrime.Net cards.
Gemalto had issued these from the year 2008 to the start of this year.
Dan revealed that all of those Gemalto cards made use of an underlying public key.
This public key tested positive for the above-mentioned newly-found crippling vulnerability.
If hackers could just run these public keys through an online cyber attack hosted on a cloud computing platform like Amazon Web Services or any other similar one, then hackers could compute the private portions of these keys within a matter of hours depending on the size of the key.
For 1024-bit keys, hackers could take just a few hours.
For 2048-bit keys, hackers may have to spend close to a couple of days.
What would happen when the attacker would know the private portions of the key?
Well, once online hackers and other attackers know the full secret key, they could move forward and easily clone the smart card using cryptographic methods.
This would allow hackers to actually compromise any other key that the affected smartcards generated before.
The Kingdom And The Keys
Cvreck also revealed that some members of the researcher team had discovered the flaw and made use of it as well.
In other words, researchers, after discovering the flaw, went ahead and obtained two RSA keys.
These RSA keys had a length of 512 bits.
Researchers also revealed that separate Gemalto IDPrime.NET smartcards had actually generated these keys.
Cvrek’s team of researchers also managed to calculate the secret key belonging to both of the above-mentioned smartcards.
His research team cracked on the smartcards in about three minutes.
And the other one took the research team around ten minutes.
Most of all, the researchers only used a general-purpose computing machine.
According to Cvrcek, his research team showed alarming results.
Because they actually confirmed that the newly-found vulnerability actually affected the card to a large degree.
Moreover, these weakness related to these smartcards could form the basis of other public key infrastructure that a lot of other companies in the world used to accomplish tasks such as,
- Authenticate employees
- Secure network logins
- Encrypt e-mail messages
Cvrcek said that companies used these smartcards primarily for their medium-sized and enterprise company PKI-systems.
Moreover, he said that these smartcards had the responsibility to protect email communications along with remote access via VPN services.
Additionally, these companies used these smart cards to decrypt and sign sensitive information belonging to company documents.
Cvrcek emphasized the point that the company likely used these smartcards for highly sensitive documents.
Sometimes, these companies could even use these smart cards to documents that a given enterprise would assign maximum confidentiality level.
Is Gemalto The Only Smartcard Vulnerable To ROCA?
As mentioned before, a lot of other smartcards have this vulnerability.
Gemalto IDPrime.NET smart card is just the latest of these smart cards that researchers have confirmed to have this vulnerability.
And as we pointed out before, Gemalto IDPrime.Net smart card certainly will not be the last smartcard to have ROCA vulnerability.
The government in Estonia has already put out a statement saying that they could confirm that about 750,000 of these electronic ID that the government had issues before had the ROCA vulnerability.
Moreover, researchers also managed to uncover loads of evidence that governments in Spain and Slovakia also issued ID cards that had the ROCA vulnerability.
We have also come to know that several other models of Trusted Platform Modules that protected computers which several manufacturers solid had this ROCA vulnerability as well.
Of course, we are talking about Javacards.
Where Is This ROCA Vulnerability?
According to researchers, this vulnerability basically resides in almost all, if not absolutely all, Infineon library generated RSA keys.
In other words, the Infineon library has a fault.
And it transfers that fault to all RSA keys that it generates.
But can one really fault the company?
They want to optimize for speed.
And hence the Infineon library makes use of a structure that relies on underlying prime numbers.
This essentially makes these RSA keys a lot more susceptible to Factorization.
Factorization is a simple mathematical process.
You can read more about it here.
Researchers have also revealed that they found identifying affected RSA keys inexpensive and quick.
Moreover, to take advantage of the vulnerability, researchers needed nothing else but access to a public key.
Hypothetically speaking, hackers, after obtaining the public key can then move forward to run any and all vulnerability public RSA keys through a cyber attack.
Researchers have dubbed these kind of attacks as Return of the Coppersmith Attack.
Or in more succinctly, ROCA.
The attack gets its name because of the type of prime factorization methods that it makes use of.
How Do The Attackers Move Forward Once They Have The Public Key?
Well, first they ensure that they can complete the longer factorization.
Once that process has reached its completion stage, hackers can easily have access to the private key.
This private key is the key that companies use for a ton of sensitive tasks.
As mentioned before, these tasks include,
- Decrypting data
- Signing software via digital means
- Providing a second authentication factor that is cryptographically robust.
Who Discovered This Vulnerability Exactly?
According to most media reports Czech and Slovak researchers who worked at Masaryk University in the Czech Republic along with,
- Enigma Bridge in Cambridge, United Kingdom
- Ca’ Foscari University in Italy
worked on discovering the vulnerability.
Cvrcek also said that Gemalto’s other line of smart cards such as IDPrime MD did not have the ROCA vulnerability.
So What Now?
We know that IDPrime.NEt has the ROCA vulnerability.
Because many researchers have confirmed this fact.
What does that mean for the organizations that use Gemalto IDPrime.NET smartcards?
Well, they should carefully and objectively assess how their company employees and networks use these cards.
And how hackers could take advantage of that and launch attacks against them.
Recently a Microsoft spokeswoman said that Microsoft company officials had started to investigate the vulnerable Gemalto IDPrime.NET cards.
She also said that the company would take all appropriate steps if the company determined that these smartcards put the company’s employees and networks at risk.
What About Gemalto? Have They Said Anything?
Gemalto officials have not said anything on how many of these smart cards the company had sold.
They have declined to comment on how long companies have used these cards.
They also have said anything about how many of these Gemalto smart cards remain in use.
As pointed out before as well Cvrcek’s estimates say that the total sale of Gemalto smartcards probably went in the millions.
And that estimate only held true for the minimum number.
In other words, it is entirely possible that Gemalto may have sold, according to Cvrcek, close to hundreds of millions of these smart cards to companies and individuals around the world.
Moreover, people should not find it hard to find and discover case studies where they mention specific companies and organizations that have bought and used these Gemalto smart cards.
Have a look at
this one for example. (Case study PDF file no longer available from the external website)
This study clearly shows that the British Sky Broadcasting Group deployed some of these vulnerable smartcards recently to over 4000 of the company’s employees.
More Encryption Problems
Moving away from encryption problems in smart cards to the FBI.
In other words, the FBI director has come out and said that unbreakable encryption presented a big problem.
Christopher Wray also said that he understood the need for unbreakable encryption.
With that said, he believed the community had to search for a balance.
Taking to a conference involving law enforcement agencies, FBI Director Christopher Way said that he did not like unbreakable encryption.
Because his colleagues had worked hard but did not find any success in opening up around 7000 digital devices in the last eleven months.
Wray, talking to the International Association of Chiefs of Police conference in Philadelphia, said that if he had to put it mildly, unbreakable encryption had huge, huge repercussions.
Unbreakable encryption impacted investigations that spanned the entire globe.
He said it affected investigations related to criminal activities such as,
- Human trafficking
- Child exploitation
- Organized crime
And as it turns out Wray isn’t alone.
Just a couple of weeks ago, General Rod Rosenstein, a top law enforcement official said the same.
He actually called the community for responsible encryption.
This term, according to Rod, represented a magical method using which only individuals belong to law enforcement agencies could decrypt or get rid of the encryption on a given device that someone had digitally-locked.
How would such a method work?
No one knows.
According to Wray, he understood the need for encryption.
But he also believed that the community needed to strike a balance between encryption and the significance of allowing law enforcement agencies to use tools in order to keep the general public safe and secure.
Of course, he talked about a lot more things than just encryption.
He touted the organization’s (the FBI) partnerships with other law enforcement agencies around the world and locally.