Bitcoin technology looks luck this round since INFINEON chip design flaw – not vulnerable in ECC (Elliptic Curve Cryptography), flaw only encountered on RSA.

Vulnerability

The flaw resides in the Infineon-developed RSA Library version v1.02.013. A design weakness has been found. A vulnerability in an implementation of RSA Key Generation could allow private encryption key disclosure.

This vulnerability affects any products using the affected code library “RSA Library version v1.02.013” developed by Infineon Technologies. Keys generated with smartcards or embedded devices using the Infineon library are vulnerable, as well as devices certified by NIST FIPS 140-2 and CC EAL 5+.

Queries of this vulnerability – in regards to so called security regulatory standard

It is hard to believe that a tough and harsh security requirements issued by NIST (FIPS 140-2) and Common Criteria. However the certified products are also the victim.

Do you think is there a verification and identification gap in between hardware vendor and security authority? And therefore such embarrass status happened today.

Known effect areas:

Government:

Component: Smartcards (manufacturers using Infineon smartcard chips and TPMs)

Businesses: 

Component: Smartcards and IoT devices (manufacturers using Infineon smartcard chips and TPMs)

Home Users:

Component: IoT (manufacturers using Infineon smartcard chips and TPMs)

Vendor announcement:

Laptops and mobile devices use Trusted Platform Module (TPM) hardware chips with the affected encryption key code library. For instance Google, Microsoft, HP, Lenovo, and Fujitsu. They claimed that the have patched their respective software.

Reference:

Should you have interest in related topic, please refer to below url for reference.

https://nvd.nist.gov/vuln/detail/CVE-2017-15361