EUCLEAK | |
Type of Malware | Exploit Kit |
Date of Initial Activity | 2024 |
Motivation | Data Theft |
Attack Vectors | Software Vulnerabilities |
Type of Information Stolen | Login Credentials |
Overview
The EUCLEAK exploit reveals a critical vulnerability within the cryptographic libraries used in secure elements, affecting devices from prominent manufacturers such as Infineon Technologies. Secure elements, often regarded as the cornerstone of secure authentication, are microcontrollers designed to protect sensitive cryptographic keys and data through advanced security protocols. These elements are integral to systems like FIDO hardware tokens, cryptocurrency hardware wallets, and electronic passports, which require robust, near-invulnerable protection. However, the EUCLEAK exploit sheds light on a long-overlooked weakness in the cryptographic algorithms running on these devices, potentially compromising their security in high-stakes environments.
Targets
Information
How they operate
The Vulnerability: Non-Constant-Time Modular Inversion
At the heart of the EUCLEAK exploit is a vulnerability in the cryptographic library used by Infineon Technologies’ secure elements. The issue lies within the modular inversion operation, which is critical to the ECDSA process. Modular inversion is a mathematical operation used in the creation of digital signatures, and its implementation must be constant-time to avoid introducing timing leaks, which can reveal information about the secret key. In Infineon’s implementation of ECDSA, the modular inversion operation was not constant-time, leading to subtle timing differences that could be exploited through side-channel analysis.
When an attacker targets the device, the non-constant-time behavior of this modular inversion allows for the leakage of information during the computation, making it possible to infer the private key used for digital signatures. This flaw in the implementation persisted for over 14 years without detection, even through rigorous Common Criteria certifications, underscoring how such vulnerabilities can remain hidden despite stringent security reviews.
The Mechanics of the Attack
The EUCLEAK attack relies on a form of side-channel analysis that capitalizes on electromagnetic emissions produced by the secure element during cryptographic operations. These emissions, though minute, can be captured using sensitive equipment to reconstruct information about the computations occurring inside the chip. Specifically, during the execution of the modular inversion step in ECDSA, the side-channel emissions vary depending on the data being processed, particularly the secret key used for signing.
By collecting this electromagnetic data over time, an attacker can use sophisticated analysis techniques to reverse-engineer the secret key. The attack requires not physical access to the cryptographic key itself but the ability to monitor the device’s side-channel emissions during cryptographic operations. This makes the exploit particularly dangerous in environments where attackers can gain brief but focused access to a device.
Practical Demonstration: Cloning FIDO Authentication Tokens
The practical impact of the EUCLEAK attack is most pronounced when applied to FIDO authentication tokens, such as the YubiKey 5 Series. These devices rely on the ECDSA algorithm to securely authenticate users to online services, and the private key stored within the secure element is fundamental to the integrity of the FIDO protocol. The EUCLEAK exploit allows attackers to clone a YubiKey by extracting the private key, effectively creating a replica of the device.
The process begins with the attacker gaining physical access to the target device. Using equipment capable of capturing electromagnetic side-channel emissions, the attacker monitors the device during authentication operations. By analyzing the captured data, the attacker can extract the private key used in the ECDSA process. Once the private key is obtained, the attacker can sign authentication requests and impersonate the legitimate user. This effectively undermines the security of the FIDO token, which was initially designed to prevent phishing and unauthorized access.
Extending the Vulnerability Beyond FIDO Tokens
The implications of the EUCLEAK exploit extend beyond FIDO authentication tokens. Infineon’s secure elements, such as the Infineon Optiga Trust M and Optiga TPM, which are used in a wide range of security-critical applications, are also vulnerable to this attack. These microcontrollers are embedded in various devices, including electronic passports, cryptocurrency hardware wallets, and even automotive systems. In these cases, the ability to extract private cryptographic keys poses a significant threat to the integrity of the entire system.
While the attack requires physical access to the device, which limits its practical use to highly targeted threats, the widespread adoption of Infineon’s security microcontrollers means that a variety of industries and government entities are potentially at risk. The EUCLEAK exploit highlights a broader issue of trust in secure elements, particularly when vulnerabilities lie in the fundamental cryptographic processes that underpin these systems.
Conclusion: Mitigating the EUCLEAK Threat
The EUCLEAK attack exposes a serious flaw in the cryptographic operations of secure elements, specifically in the implementation of modular inversion within ECDSA. This vulnerability, which had remained undetected for over 14 years, allows attackers to extract private keys through electromagnetic side-channel analysis. Although the attack requires specialized equipment and physical access to the device, it can compromise the security of FIDO tokens and other critical systems relying on Infineon’s secure microcontrollers.
As a result, it is crucial for manufacturers of secure elements and devices that use them to address this vulnerability. A constant-time implementation of modular inversion must be prioritized to prevent future side-channel leaks. Additionally, device owners should remain vigilant and take steps to secure their tokens and devices physically, as the EUCLEAK attack underscores the importance of both cryptographic robustness and physical security in protecting sensitive data.
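The contrast between the non-constant-time inversion described under "The Vulnerability" and the constant-time implementation called for above is shown in the following added example, which is not Infineon's code and not from the original page. It assumes a toy 31-bit prime modulus in place of a real curve order, and the function names inv_euclid and inv_fermat are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: toy modulus 2^31 - 1 (prime) stands in for a 256-bit curve
   order so that every product fits in 64 bits. */
#define P 2147483647ULL

/* Variable-time: extended Euclidean algorithm. The loop count depends on
   the value being inverted; *steps exposes it, as a side channel would. */
uint64_t inv_euclid(uint64_t a, unsigned *steps) {
    int64_t t = 0, new_t = 1, r = (int64_t)P, new_r = (int64_t)(a % P);
    *steps = 0;
    while (new_r != 0) {
        int64_t q = r / new_r, tmp;
        tmp = t - q * new_t; t = new_t; new_t = tmp;
        tmp = r - q * new_r; r = new_r; new_r = tmp;
        (*steps)++;
    }
    return (uint64_t)(t < 0 ? t + (int64_t)P : t);
}

/* Fixed schedule: a^(P-2) mod P by Fermat's little theorem. The exponent is
   public, so every input gets 31 squarings and 31 multiplications, and the
   product is kept or dropped with a mask rather than a branch. Note that
   '%' may compile to a variable-time division; production code would use a
   constant-time (e.g. Montgomery) reduction. */
uint64_t inv_fermat(uint64_t a, unsigned *ops) {
    uint64_t e = P - 2, result = 1, base = a % P;
    *ops = 0;
    for (int i = 0; i < 31; i++) {
        uint64_t prod = (result * base) % P;
        uint64_t mask = (uint64_t)0 - ((e >> i) & 1); /* all ones if bit set */
        result = (prod & mask) | (result & ~mask);
        base = (base * base) % P;
        *ops += 2;
    }
    return result;
}

int main(void) {
    uint64_t samples[] = {1, 2, 5, 1234567}; /* constructed inputs */
    for (int i = 0; i < 4; i++) {
        unsigned s, o;
        uint64_t x = inv_euclid(samples[i], &s), y = inv_fermat(samples[i], &o);
        printf("a=%llu euclid=%llu in %u steps, fermat=%llu in %u ops\n",
               (unsigned long long)samples[i], (unsigned long long)x, s,
               (unsigned long long)y, o);
    }
    return 0;
}
```

Both routines return the same inverse, but only the Euclidean one takes a different number of iterations for different inputs, which is the kind of data-dependent behavior a timing or electromagnetic measurement can observe.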