NinjaLab: "All Infineon security microcontrollers (including TPMs) that run the Infineon cryptographic library (as far as we know, any existing version) are vulnerable to the attack."
- Chips in e-passports from the US, China, India, Brazil and numerous European and Asian nations
- Secure enclaves in Samsung and OnePlus phones
- Cryptocurrency hardware wallets like Ledger and Trezor
Ledger uses STMicroelectronics secure elements and should not be affected by this. Trezor Safe uses Infineon OPTIGA though. See https://bitcointalk.org/index.php?topic=5304483.0 for a table with wallets and their respective microcontrollers/secure elements.
Nice to see a fellow enthusiast here, this is a nice point that different hardware will have different levels of related risk. But this is kind of an entire class of attack where similar paths may be able to be used on these other controllers. Don't gloss over it.
On a side note, used to frequent a bar where one of the creators of Ledger also did. Was nice to spend various crypto freely!
Ledger literally supports key extraction as a feature and pushes hard the firmware updates. Last S firmware w/o key extraction still works, while the same X version cannot be used anymore.
Passports are kind of a big deal. The customs agent is going to visually verify the photo vs the holder, but the customs agent is going to trust the valid RFID chip probably 100% of the time as it's assumed to be unbreakable.
However if we look only at border checkpoints (including airports) in first world nations the number is probably a lot higher.
Not only are agents likely to be using the chip, self-service immigration gates have become really popular at airports around the world and mostly use the RFID chip together with a face scan
On the bright side, this bug seems to require an ECDSA operation, and I would guess that most ePassports are using RSA. Can't seem to find any statistics but the standards support both.
Since it's a non constant time implementation of a specific part of the EC operation (modular inversion) my guess would be they reused the code for that everywhere and it's probably also present in ecdh and all other algorithms requiring a modular inversion.
That's assuming that the validation software even has all issuing countries' root keys available.
Supposedly it's surprisingly (or maybe not, given how international government relations historically work) difficult for countries to exchange their public keys: Since there isn't any central authority, nor a chain of trust available (a la "this key is signed by France and Switzerland, so it's probably the real thing to us, Germany"), it boils down to n^2/2 key exchanges, and n additional ones every time a single key expires or, worse, has to be rotated on short notice. Then all of that has to be distributed to all border authority systems.
Last time I looked into this (10+ years ago), my laptop doing Passive Authentication and Active Authentication using 10 lines of Python and my country's root certificate (it's publicly available) was supposedly more than what most border checks could practically do.
ICAO, the international organization which maintains the standards for travel document interoperability does have a public key directory that a reasonably large number of countries now participate in. The beauty of international organizations is that the individual members don’t all have to be on the best terms with each other.
Yeah, it’s surprisingly not straightforward. In my home country (Russia), only some biometric passports issued inside the country can be used on the automatic gates – mine was issued in an embassy overseas, so I can’t use them. It works just fine in Malaysia, though!
Fortunately (in this case) the payments card industry only acknowledged the existence of Elliptic Curves in 2021 [1], so most EMV cards should be safe.
The most important parts use symmetric keys anyway.
Sounds like they buried the lede with this one then. Some of the items on that list being 'crackable' seem infinitely more dangerous than a general-purpose device such as a YubiKey.
> - Cryptocurrency hardware wallets like Ledger and Trezor
Ledger hardware wallets (which btw can serve as U2F authentication but, AFAIK, not FIDO2) are protected by a PIN: three wrong PINs and the device, unlike a Yubikey, factory resets itself.
IIUC the side-channel attack relies on a non constant-time modinv.
I don't know if there's a way to force that modinv to happen on a Ledger without knowing the PIN. I take it we'll have a writeup by Ledger on that attack very soon.
This is at best another forensic tool (unlocking the TPM of a locked laptop/phone for prosecution) and at worst a red herring for security flag.
- Clone a passport -> why cloning if you can issue new ones - getting risked being detected while using a clone (2 entries in 2 different countries, and you also need to look like the person) not to mention you have to destroy the passport
- Phone enclaves -> see above
- Crypto -> Hardware wallets should be kept on eye as badly as your normal wallet
- SIM Cards -> Swapping is faster, or if you're the the gov, just an intercept warrant will do the trick
- Laptops -> see above
- EMV Chips -> If you have those skills and money, I don't think you'll lose time on cloning credit/debit cards
> - Clone a passport -> why cloning if you can issue new ones - getting risked being detected while using a clone (2 entries in 2 different countries, and you also need to look like the person) not to mention you have to destroy the passport
Well... not really. ICAO compliant passports do not require storing a photo embedded in the chip, as long as you can forge the physical part of the passport (or obtain blanks) you just need the digital certificates from a "donor" passport of John Doe, print "John Doe" and his personal data (birth day/place, nationality, issuance/expiry data) on the human readable and MRZ fields, but crucially the photo of the person using the forgery.
Also, there are no centralized, cross country stores of entry/departure. Lots of places don't even register it for visa-free border crossings.
Some national ID documents, e.g. the Croatian national ID card "osobna iskaznica", do store a photo embedded in the chip, so that indeed restricts a forgery from being used by a non-lookalike.
> ICAO compliant passports do not require storing a photo embedded in the chip
That's completely on the issuing country then, though, just like they e.g. might choose to not use dynamic chip authentication, which also makes the passport subject to trivial chip cloning.
I wouldn't be surprised if some e-border gates reject travel documents that don't support chip authentication or don't have a digital version of the photo covered by the issuer signature.
Well... not really, from the viewpoint of a bank. Look, now the user can extract the key that the bank TOTP app carefully keeps, and transfer it to another (rooted) device, or use without a phone at all, meaning that this app is no longer a "something unclonable that you have" authentication factor. From a risk management and compliance perspective, that's a contract breach: the bank is legally obliged to store that secret securely, so that the user is guaranteed to complain if it could have been used by someone else.
India has e-passports? I am from there and I have one I renewed during the pandemic, so might have missed the news, but I didn't know we have e-passports now. I tried googling and didn't find much (the official page doesn't load).
Also I checked the PDF on Ninjalab port (article linked in this post) and there was no mention of India there. Is it from some other source like Twitter?
If I remember correctly, Infineon already had a big TPM recall a while back. I remember my T470p had to first install a BIOS update to enable userspace updating of the TPM, then the TPM update itself. And I think some Yubikeys were replaced for free due to the same or similar issue.
NinjaLab: "All Infineon security microcontrollers (including TPMs) that run the Infineon cryptographic library (as far as we know, any existing version) are vulnerable to the attack."
- Chips in e-passports from the US, China, India, Brazil and numerous European and Asian nations
- Secure enclaves in Samsung and OnePlus phones
- Cryptocurrency hardware wallets like Ledger and Trezor
- SIM cards
- TPMs in laptops from Lenovo, Dell, and HP
- EMV chips in credit and debit cards