While we were still finding it difficult to forget the Krack attack, a five-year-old bug has resurfaced in a new form to haunt Google and Microsoft. Known as ROCA (Return of Coppersmith’s Attack), the encryption key-related exploit is named after the Coppersmith’s attack.
The ROCA hack: Vulnerable RSA Generation (CVE-2017-15361), developed by the researchers at Centre for Research on Cryptography and Security, Masaryk University, Enigma Bridge and Ca’ Foscari University targets the weakness in the cryptography tech in chips made by Infineon Technologies.
The range of affected devices – released as early as – includes a large number of Chromebooks, and Windows laptops manufactured by Fujitsu, HP, and Lenovo which feature the hardware chips created by Infineon.
The problem lies in the way the manufacturers implement the widely-used RSA encryption. This makes it possible to figure out the private key if the public key is available which isn’t a big deal.
ROCA hack is practically more effective against 1024-bit encryption keys. Researchers calculated the cost of performing the attack via Amazon cloud servers. It would require around $76 to crack a 1024-bit key while more funds would be needed for a 2048-bit key. It would cost $40,000 as higher bit keys are more complicated, and therefore, harder to crack.
Submitted by: Arnfried Walbrecht