The ROCA Vulnerability Compromises your Laptop’s Security

November 27, 2017   //   Security,

A security vulnerability was published in October 2017 that could allow hard drives protected with Bitlocker to be unencrypted, among other risks. If you count on Bitlocker to protect sensitive information on employee laptops, you need to assess the risk of the vulnerability and determine if you should take action to remediate in the short or long term. Note, the CVE (Common Vulnerabilities and Exposures) database scores the CVSS Severity as 5.9 (Medium) (NIST).

The Czech-based Center for Research on Cryptography and Security published the vulnerability (CVE-2017-15361) on 10/10/2017. It was responsibly disclosed to hardware vendors months earlier. The organization found a flaw in the RSA key generation process in a widely-used cryptographic software library found in Infineon secure chips. These chips are widely used in TPM modules in laptops, desktops and server hardware from many popular vendors including HP, Dell, Lenovo as well as the Microsoft Surface. The vulnerability also impacts smart cards, software signing, authentication tokens and message protection (S-MIME/PGP). The most vulnerable key strengths are 2048-bit and lower. The attacker only needs access to a victim’s RSA public key generated by this library in order to calculate the private key. RSA keys generated from software are not related to this vulnerability. The more modern Elliptic-Curve Cryptography (ECC) is also not impacted.

Remediation is accomplished for TPM modules by updating firmware using a utility provided by the hardware vendor (HP, Lenovo, etc.). This can be a time consuming process for the scope of all laptops in an organization, since it is not as routine or automated as typical Microsoft OS or application patches. Resolving the root issue could require each employee to drop off their laptop to the help desk for a hands-on local update process. In the use case of Bitlocker using TPM, the firmware update requires suspending BitLocker protection, updating the TPM firmware by providing the TPM owner password, clearing the TPM, then re-enabling Bitlocker protection. This will use a newly generated RSA key with the updated algorithm. There are many caveats and exceptions depending on the version of Windows OS and your risk tolerance. See the Microsoft Security Advisory ADV170012 for details.

Microsoft published a software patch to help provide more intelligence as well as provide a work around option using software encryption. The patch will generate an entry in Event Viewer at boot time if vulnerable firmware is identified. This can help IT teams audit systems on a wide scale. A script can also be used to gather the same information. See the “Affected Products” table in the above advisory for links to OS-specific patches. Bitlocker on Windows 7 cannot work around the hardware issue as it cannot use software encryption. In contrast W8.1 and above can. This is another reason to migrate to W10, if there weren’t enough already.

The Trusted Platform Module (TPM) Management snap-in (TPM.MSC) can be used to check the TPM specification (v1.2 or 2.0) and manufacturer version. On devices running Windows 10 that have the October 2017 security update installed, devices with affected TPM modules will display an obvious and clear error message in this TPM Management snap-in. Links to hardware vendor update pages can be found in various bulletins including the official guidance from Infineon.

Governments and organizations in highly regulated industries are likely to require remediation. For example, the Northern European country of Estonia has taken action by revoking 750,000 Digital IDs (smartcards) provisioned to all of its citizens since 2014. The cards were designed to be used for voting and other forms of identification. The cards were provisioned using RSA 2048-bit keys. Estonian officials originally thought the attack was too complicated and time consuming to require action, but a month after the vulnerability announcement an attack algorithm was developed that is 4 times faster. Because of the risk of the improved attack, the country is now re-issuing keys using state-of-the-art elliptic curve cryptography (ECC) which is not vulnerable.

Decrypting a vulnerable 2048-bit public key is estimated to cost $5K and take about 3 days, on average, using public cloud resources like Amazon Web Services. It should normally take on the order of 100 CPU-years. Decrypting a 1024-bit public key would take about $15 and 10 minutes with the same approach. Nation states or security research firms with a farm of servers using modern GPUs (Graphic cards) could crack even more keys in faster time at scale. At the time of writing this post, the vulnerability has been published for 5 weeks and there could be more attack algorithm improvements to come. See more details about key strengths on the research organization’s site.

RSA public keys can be checked for the vulnerability in a few seconds without going through the attack process. Many tools have become available including the online tool from These tools support uploading the exported public keys.

New vulnerabilities are a sobering reminder to use a layered approach to security. For example, leveraging Rights Management as part of SharePoint Online and Office 365 provides file-level encryption that is tightly tied to an identity. This would serve as another layer of protection in addition to now vulnerable disk based encryption.

Contact SWC today to help ensure your data is protected.