Trusted Platform Module Vulnerabilities [CVE-2017-16837 and CVE-2018-6622]
Security researchers from the National Security Research Institute of South Korea have this month disclosed two vulnerabilities in the Trusted Platform Module (TPM, ISO11889-1:2009) standard used to provide hardware and software authenticity using integrated cryptographic keys.
Both vulnerabilities exist in how TPM modules implement the Advanced Configuration and Power Interface (ACPI) protocol, used by operating systems to control state suspension and power usage by peripheral devices. The researchers discovered that by abusing the process for TPM modules recovering from suspended states they could reset the module. They could then inject untrusted code into the boot process of the affected device.
The vulnerabilities require privileged, local access to exploit and the second vulnerability (CVE-2017-16837) can only be exploited on TPM modules using the Trusted Boot library.
For further information
- CVE-2018-6622 – SRTM vulnerability
- CVE-2017-16837 – DRTM (tboot) flaw
- ‘A Bad Dream: Subverting Trusted Platform Module While You Are Sleeping’ research paper (Han et al, 2018)
- Intel Trusted Execution Technology white paper (2012)
What Is TPM ?
The role of a TPM chip is to ensure hardware authenticity. A TPM uses RSA encryption keys to authenticate the hardware components involved in a computer’s boot-up process, but also its normal functioning.
Remediation
All major TPM vendors have confirmed updates are being produced to address these vulnerabilities. Users should contact their IT providers to ensure these updates are applied as soon as they become available.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.