RSA-1024 Private Key Extraction Made Possible
A collaboration of security researchers have discovered a vulnerability in the Libgcrypt module of GnuGP that could allow an attacker to recover the private key.
This type of attack is likely to be used by APT groups as part of the exfiltration phase of an attack where the goal is to collect data such as an organisation’s intellectual property.
GnuGP is a widely used free implementation of the OpenPGP standard and is used to encrypt and sign data and communications securely. Libgcrypt is a module that is found inside the GnuGP package providing the encryption functionality.
Updated packages have now been released for all major distributions and can be obtained from the relevant package managers.
Affected Platforms: libgcrypt20
- Ensure libgcrypt20 is updated at the earliest opportunity where in use.
- Where data is highly sensitive, stronger encryptions should be considered.
- Ensure a multi-layered approach is taken with regards to security solutions such as host and network based intrusion detection mechanisms put in place to detect an attack against systems as well as indicators that may indicate an exfiltration attempt from a system within the network.
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.