Researchers Detect Major HSM Vulnerabilities
Ami Rojkes Dombe
| 11/06/2019
bigstockphoto
Two security researchers have recently revealed vulnerabilities that can be exploited remotely to retrieve sensitive data stored inside special computer components known as HSMs (Hardware Security Modules).
HSMs are hardware-isolated devices that use advanced cryptography to store, manipulate, and work with sensitive information such as digital keys, passwords, PINs, and various other sensitive information.
At a security conference in France this past week, two security researchers from hardware wallet maker Ledger have disclosed details about several vulnerabilities in the HSM of a major vendor. The two are scheduled to present their findings at the Black Hat security conference that will be held in the US in August.
According to a summary of this upcoming presentation, the vulnerabilities they discovered allow a remote unauthenticated attacker to take full control of the vendor’s HSM.
“The presented attacks allow retrieving all HSM secrets remotely, including cryptographic keys and administrator credentials,” the researchers said.
[Source: ZDNet]
bigstockphoto
Two security researchers have recently revealed vulnerabilities that can be exploited remotely to retrieve sensitive data stored inside special computer components known as HSMs (Hardware Security Modules).
HSMs are hardware-isolated devices that use advanced cryptography to store, manipulate, and work with sensitive information such as digital keys, passwords, PINs, and various other sensitive information.
At a security conference in France this past week, two security researchers from hardware wallet maker Ledger have disclosed details about several vulnerabilities in the HSM of a major vendor. The two are scheduled to present their findings at the Black Hat security conference that will be held in the US in August.
According to a summary of this upcoming presentation, the vulnerabilities they discovered allow a remote unauthenticated attacker to take full control of the vendor’s HSM.
“The presented attacks allow retrieving all HSM secrets remotely, including cryptographic keys and administrator credentials,” the researchers said.
[Source: ZDNet]
