Bitcoin technology looks lucky this round: the Infineon chip design flaw does not affect ECC (Elliptic Curve Cryptography); the flaw is only encountered in RSA.
The flaw resides in the Infineon-developed RSA Library version v1.02.013. A design weakness has been found. A vulnerability in an implementation of RSA Key Generation could allow private encryption key disclosure.
This vulnerability affects any products using the affected code library “RSA Library version v1.02.013” developed by Infineon Technologies. Keys generated with smartcards or embedded devices using the Infineon library are vulnerable, as well as devices certified by NIST FIPS 140-2 and CC EAL 5+.
Questions about this vulnerability with regard to the so-called security regulatory standards
It is hard to believe, given the tough and harsh security requirements issued by NIST (FIPS 140-2) and Common Criteria, but the certified products are also victims.
Do you think there is a verification and identification gap between the hardware vendor and the security authority, and that this is why such an embarrassing situation has happened today?
Known affected areas:
Component: Smartcards (manufacturers using Infineon smartcard chips and TPMs)
Component: Smartcards and IoT devices (manufacturers using Infineon smartcard chips and TPMs)
Component: IoT (manufacturers using Infineon smartcard chips and TPMs)
Laptops and mobile devices use Trusted Platform Module (TPM) hardware chips with the affected encryption key code library, for instance those from Google, Microsoft, HP, Lenovo, and Fujitsu. They claimed that they have patched their respective software.
Should you be interested in related topics, please refer to the URL below for reference.