HSM Vulnerabilities Impact Banks, Cloud Providers, Governments

Researchers at hardware wallet maker Ledger discovered vulnerabilities that can be exploited remotely to retrieve sensitive data stored inside Hardware Security Modules (HSMs).

HSMs are hardware-isolated devices that used advanced cryptography to store, manipulate, and work with sensitive information such as digital keys, passwords, and PINs.

The vulnerabilities allow a remote unauthenticated attacker to take full control of the vendor’s HSM.

In addition, the researchers found they could exploit a cryptographic bug in the firmware signature verification to upload a modified firmware to the HSM.

“Perhaps the most concerning part of the attack is that the firmware update backdoor is persistent. There could be live HSMs deployed in critical infrastructure now containing similar backdoors,” according to researchers at Cryptosense.

Leave a Comment

Your email address will not be published. Required fields are marked *