HSMs (Hardware Security Modules) bring cryptographic mechanisms to environments where the highest level of security is required. For example, HSMs are widely used by cryptocurrency exchanges to secure crypto assets, by banks to protect cryptographic keys and customer PINs, and by telecommunications operators to manage SIM secrets. In short, HSMs generate, store and protect cryptographic keys, and rely on a combination of software and hardware countermeasures to prevent those secrets from being extracted.
This highly technical presentation targets an HSM manufactured by a vendor whose products are commonly deployed by major banks and large cloud service providers. It demonstrates several attack paths, some of which allow an unauthenticated attacker to take full control of the HSM. The presented attacks allow all HSM secrets to be retrieved remotely, including cryptographic keys and administrator credentials. Finally, we exploit a cryptographic bug in the firmware signature verification to upload modified firmware to the HSM. This firmware includes a persistent backdoor that survives a firmware update.
Every vulnerability found has been responsibly disclosed to the manufacturer, who published firmware updates with security fixes. We conclude by showing how the attack surface can be drastically reduced by developing a custom module that prevents almost all of the vulnerabilities found from being exploited.