ROCA vulnerability and Axalto / Gemalto .NET v2 smartcards

print
I wrote about the ROCA vulnerability yesterday. It affects Infineon security chips used in TPMs and smart cards. While it is easy to identify TPM modules and computers using them, smart cards are more difficult.

21/Oct: Please see an update on this topic here and at CERT/CC. Gemalto confirmed that its .NET line of smartcards is vulnerable to the ROCA.

The ROCA vulnerability has been since widely reported, so just a quick summary of primary links:

We have initially avoided identification of particular types of smart cards, which may contain and use the faulty cryptographic library, on purpose. The task is difficult as there are many types of smart cards and identification a particular smart card type is non-trivial. The implementation of a particular smart card type can further depend on the manufacturing year.

I have personally believed, and I still do, that while the replacement of weak keys generated by TPM modules may be a complex task, replacement of smart cards used by enterprises from VPN access and secure email, to physical access control will be harder still.

As a general rule of thumb, I advise all companies using smart cards for digital signing or authentication to establish their exposure to this vulnerability and initiate appropriate plans to mitigate any unacceptable risks.

I would further urge companies using smart cards marketed as Gemalto .NET v2 / Gemalto ID Prime .NET to test them for the ROCA vulnerability as we have collected several independent reports suggesting these cards produce weak RSA keys. Later models of these PKI smart cards (Gemalto ID Prime 510/511) were discontinued last month, but they have been a relatively popular choice for enterprise PKI-based security systems. First indications suggest that weak keys may be present in smart cards manufactured as far back as 2007 – a full 5 years before the currently reported date.

At the same time, Gemalto PKI smart cards with “MD” in their type / name are currently seen as secure.

Another strand of smart cards reported as vulnerable are Infineon Javacards. This is in line with the initial press release identifying Infineon and its cryptographic library to be the source of weak RSA keys.

 


Try the Professional HTTPS/TLS monitoring service KeyChest.net to keep on top of your certificates with its certificate auto-discovery. The public cloud service is free and allows you monitor thousands of certificates within minutes (YouTube video – 49 seconds).

Published by

Dan Cvrcek

Founder and CEO of Enigma Bridge, engineer, entrepreneur, cryptography SME, security architect, and professor.