Security advisory

Subject: Meltdown CVE-2017-5754 | Spectre CVE-2017-5753, CVE-2017-5715

1. Overview/background

Meltdown and Specter are attack scenarios that exploit critical vulnerabilities in modern processors. These security holes in hardware allow malicious programs to steal data that is processed locally on a PC.

As early as last June, Jann Horn – a research member of Google Project Zero – informed the processor vendors Intel, AMD and ARM about the vulnerability. At the beginning of January 2018, Meltdown and Specter became public. These affect almost all microprocessors.

All relevant operating systems are affected by Meltdown and Specter, such as:

• Microsoft Windows
• Linux
• macOS
• iOS
• Android
• FreeBSD

About Meltdown

Meltdown breaks the most basic isolation between user applications and the operating system. In other words, the boundary between user area and protected area in a CPU is "melted down". This attack allows a program to access the memory and thus sensitive information of other programs and the operating system. This applies to both PCs and the cloud infrastructure.

This bug concerns i.a. Intel and ARM CPUs that use out-of-order execution, that is, any processor made after 1995 (exceptions are Intel Itanium and Intel Atom, which were manufactured before 2013). Meltdown is an interplay of internal behaviors of Intel CPUs that cause protected memory to be read. With programs that should not be able to.

The cause for the simplicity and power of Meltdown are the side effects caused by the Out-of-order execution feature. Out-of-order execution is an important feature of today's processors to reduce latencies of busy execution units, e.g. to overcome a program. Instead of halting execution, modern processors perform operations "out-of-order", meaning they look ahead and plan to perform operations later. This takes place in the idle execution units of the processor. This area is not specifically protected, but user-level access is usually not possible. With Meltdown it is possible to read this protected area.

About Spectre

Spectre breaks the isolation between different applications. Specter is much more complex and affects not only the Intel processors, but also other manufacturers such as AMD or ARM.

Here is the keyword "speculative execution". This also achieves a performance advantage through "over-execution" or "over-utilization". The processor makes various performance calculations to answer the request of a program in a matter of nano seconds.

However, most of these forecasts are not used and eventually discarded. These then end up in a cache memory in the CPU. Spectre can access this area or induce processors to execute instructions they should not have done. Therefore, Specter gets access in the form of a malicious application such as JavaScript to confidential information in the memory of other applications.

2. General safety instructions

In general, it is advisable to perform the updates of the respective operating systems, manufacturers of computer systems, processor manufacturers and software applications. Here is a corresponding list with the links to the pages of the manufacturers: https://meltdownattack.com/#faq-fix

In the course of the published updates on January 3rd, 2018, Microsoft announced some compatibility issues with antivirus software. Here is a statement from Microsoft and recommendations for action: https://support.microsoft.com/en-hk/help/4072699/january-3-2018-windows-... Meanwhile, the antivirus manufacturers have responded to this circumstance. Check with your provider, if it has provided a corresponding update.

In general, the updates can affect the performance of the processors. From the series Intel Core i-6000 (Skylake) the losses are low. For older processors, a slowdown is noted. Microsoft has given a detailed assessment here: https://cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understandin...

Intel has released its own performance benchmark here: https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Blog-Benc...

3. Rohde & Schwarz Cybersecurity endpoint- and management products

At Rohde & Schwarz Cybersecurity we recommend the following:

1. Install the respective patches / updates for the platform / operating system. Below is a list of products that require such an update:

• Browser in the Box
• TrustedDisk
• TrustedGate
• TrustedIdentity Manager

2. Install the respective operating system patches / updates of the platforms from which the management component is accessed via a browser.

Below is a list of products that require an update:

• CommandCenter
• SITScope
• TrustedObjects Manager

4. Please contact us!

If you have further questions or your product used by us is not listed or if you any concerns, then please contact us.

Subject: Vulnerability in Infineon Smartcard with SLE78 Chip and TPM 1.2 SLB9655 of series FW 4.32

A research team has detected a vulnerability in security chips of the manufacturer Infineon leading to the generation of insecure RSA-Keys. The loophole is supposed to be in Infineon chips as from production year 2012. In the following you will learn about the affected products and our recommendations for action.

Please note that this is not a vulnerability in Rohde & Schwarz Cybersecurity’s software, but in Infineon’s.

1. Customers using TrustedDisk and TrustedIdentity Manager with Infineon Smartcards of SLE78 (series SLE66 and older is not affected) series and ATOS Firmware CardOS 5.X – we recommend

• to use this solely with the new patched ATOS Middleware version CardOS API 5.4. During a (new) personalization of the Smartcard this applies an appropriate patch onto the card solving the problem
• to patch the Firmware by re-personalizing already launched Smartcards by this Middleware.

We provide the latest CardOS API 5.4 to our customers via our support.

2. Customers with TrustedObject Manager of series TOM - S (Revision 2), delivered 2014 – 2017. These systems have built in an Infineon TPM chip TPM 1.2 SLB9655 of series FW 4.32, which includes the above vulnerability. As of today, the safety of the systems is not imminently at risk, since further safety procedures are applied. Nevertheless, we recommend to patch the TPM chip within the scope of the next TOM release updates.

3, We point out that the TOM – S (Rev. 2) is not approved for the use in georedundant environments. Customers who nonetheless deploy this version in such a configuration, we highly recommend to run additional protection of the connection, for example by a TrustedVPN, or to deploy a TOM L version released for this configuration.

We regret the efforts and circumstances that arise with the error in the Infineon Smartcard Firmware and stay at your disposal for questions and any further information as follows:

Uwe Dietzmann

Support Engineer | Customer Support

Phone: +49 341 59403 012

Email: uwe.dietzmann@rohde-schwarz.com

Kind regards

Rohde & Schwarz Cybersecurity GmbH

Subject: Vulnerability in Infineon Smartcard with SLE78 Chip and TPM 1.2 SLB9655 of series FW 4.32

A research team has detected a vulnerability in security chips of the manufacturer Infineon leading to the generation of insecure RSA-Keys. The loophole is supposed to be in Infineon chips as from production year 2012. In the following you will learn about the affected products and our recommendations for action.

Please note that this is not a vulnerability in Rohde & Schwarz Cybersecurity’s software, but in Infineon’s.

1. Customers using TrustedDisk and TrustedIdentity Manager with Infineon Smartcards of SLE78 (series SLE66 and older is not affected) series and ATOS Firmware CardOS 5.X – we recommend

• to use this solely with the new patched ATOS Middleware version CardOS API 5.4. During a (new) personalization of the Smartcard this applies an appropriate patch onto the card solving the problem
• to patch the Firmware by re-personalizing already launched Smartcards by this Middleware.

We provide the latest CardOS API 5.4 to our customers via our support.

2. Customers with TrustedObject Manager of series TOM - S (Revision 2), delivered 2014 – 2017. These systems have built in an Infineon TPM chip TPM 1.2 SLB9655 of series FW 4.32, which includes the above vulnerability. As of today, the safety of the systems is not imminently at risk, since further safety procedures are applied. Nevertheless, we recommend to patch the TPM chip within the scope of the next TOM release updates.

3, We point out that the TOM – S (Rev. 2) is not approved for the use in georedundant environments. Customers who nonetheless deploy this version in such a configuration, we highly recommend to run additional protection of the connection, for example by a TrustedVPN, or to deploy a TOM L version released for this configuration.

We regret the efforts and circumstances that arise with the error in the Infineon Smartcard Firmware and stay at your disposal for questions and any further information as follows:

Uwe Dietzmann

Support Engineer | Customer Support

Phone: +49 341 59403 012

Email: uwe.dietzmann@rohde-schwarz.com

Kind regards

Rohde & Schwarz Cybersecurity GmbH

Subject: Vulnerability in Infineon Smartcard with SLE78 Chip and TPM 1.2 SLB9655 of series FW 4.32

A research team has detected a vulnerability in security chips of the manufacturer Infineon leading to the generation of insecure RSA-Keys. The loophole is supposed to be in Infineon chips as from production year 2012. In the following you will learn about the affected products and our recommendations for action.

Please note that this is not a vulnerability in Rohde & Schwarz Cybersecurity’s software, but in Infineon’s.

1. Customers using TrustedDisk and TrustedIdentity Manager with Infineon Smartcards of SLE78 (series SLE66 and older is not affected) series and ATOS Firmware CardOS 5.X – we recommend

• to use this solely with the new patched ATOS Middleware version CardOS API 5.4. During a (new) personalization of the Smartcard this applies an appropriate patch onto the card solving the problem
• to patch the Firmware by re-personalizing already launched Smartcards by this Middleware.

We provide the latest CardOS API 5.4 to our customers via our support.

2. Customers with TrustedObject Manager of series TOM - S (Revision 2), delivered 2014 – 2017. These systems have built in an Infineon TPM chip TPM 1.2 SLB9655 of series FW 4.32, which includes the above vulnerability. As of today, the safety of the systems is not imminently at risk, since further safety procedures are applied. Nevertheless, we recommend to patch the TPM chip within the scope of the next TOM release updates.

3, We point out that the TOM – S (Rev. 2) is not approved for the use in georedundant environments. Customers who nonetheless deploy this version in such a configuration, we highly recommend to run additional protection of the connection, for example by a TrustedVPN, or to deploy a TOM L version released for this configuration.

We regret the efforts and circumstances that arise with the error in the Infineon Smartcard Firmware and stay at your disposal for questions and any further information as follows:

Uwe Dietzmann

Support Engineer | Customer Support

Phone: +49 341 59403 012

Email: uwe.dietzmann@rohde-schwarz.com

Kind regards

Rohde & Schwarz Cybersecurity GmbH

Subject: Vulnerability in Infineon Smartcard with SLE78 Chip and TPM 1.2 SLB9655 of series FW 4.32

A research team has detected a vulnerability in security chips of the manufacturer Infineon leading to the generation of insecure RSA-Keys. The loophole is supposed to be in Infineon chips as from production year 2012. In the following you will learn about the affected products and our recommendations for action.

Please note that this is not a vulnerability in Rohde & Schwarz Cybersecurity’s software, but in Infineon’s.

1. Customers using TrustedDisk and TrustedIdentity Manager with Infineon Smartcards of SLE78 (series SLE66 and older is not affected) series and ATOS Firmware CardOS 5.X – we recommend

• to use this solely with the new patched ATOS Middleware version CardOS API 5.4. During a (new) personalization of the Smartcard this applies an appropriate patch onto the card solving the problem
• to patch the Firmware by re-personalizing already launched Smartcards by this Middleware.

We provide the latest CardOS API 5.4 to our customers via our support.

2. Customers with TrustedObject Manager of series TOM - S (Revision 2), delivered 2014 – 2017. These systems have built in an Infineon TPM chip TPM 1.2 SLB9655 of series FW 4.32, which includes the above vulnerability. As of today, the safety of the systems is not imminently at risk, since further safety procedures are applied. Nevertheless, we recommend to patch the TPM chip within the scope of the next TOM release updates.

3, We point out that the TOM – S (Rev. 2) is not approved for the use in georedundant environments. Customers who nonetheless deploy this version in such a configuration, we highly recommend to run additional protection of the connection, for example by a TrustedVPN, or to deploy a TOM L version released for this configuration.

We regret the efforts and circumstances that arise with the error in the Infineon Smartcard Firmware and stay at your disposal for questions and any further information as follows:

Uwe Dietzmann

Support Engineer | Customer Support

Phone: +49 341 59403 012

Email: uwe.dietzmann@rohde-schwarz.com

Kind regards

Rohde & Schwarz Cybersecurity GmbH

Subject: Vulnerability in Infineon Smartcard with SLE78 Chip and TPM 1.2 SLB9655 of series FW 4.32

A research team has detected a vulnerability in security chips of the manufacturer Infineon leading to the generation of insecure RSA-Keys. The loophole is supposed to be in Infineon chips as from production year 2012. In the following you will learn about the affected products and our recommendations for action.

Please note that this is not a vulnerability in Rohde & Schwarz Cybersecurity’s software, but in Infineon’s.

1. Customers using TrustedDisk and TrustedIdentity Manager with Infineon Smartcards of SLE78 (series SLE66 and older is not affected) series and ATOS Firmware CardOS 5.X – we recommend

• to use this solely with the new patched ATOS Middleware version CardOS API 5.4. During a (new) personalization of the Smartcard this applies an appropriate patch onto the card solving the problem
• to patch the Firmware by re-personalizing already launched Smartcards by this Middleware.

We provide the latest CardOS API 5.4 to our customers via our support.

2. Customers with TrustedObject Manager of series TOM - S (Revision 2), delivered 2014 – 2017. These systems have built in an Infineon TPM chip TPM 1.2 SLB9655 of series FW 4.32, which includes the above vulnerability. As of today, the safety of the systems is not imminently at risk, since further safety procedures are applied. Nevertheless, we recommend to patch the TPM chip within the scope of the next TOM release updates.

3, We point out that the TOM – S (Rev. 2) is not approved for the use in georedundant environments. Customers who nonetheless deploy this version in such a configuration, we highly recommend to run additional protection of the connection, for example by a TrustedVPN, or to deploy a TOM L version released for this configuration.

We regret the efforts and circumstances that arise with the error in the Infineon Smartcard Firmware and stay at your disposal for questions and any further information as follows:

Uwe Dietzmann

Support Engineer | Customer Support

Phone: +49 341 59403 012

Email: uwe.dietzmann@rohde-schwarz.com

Kind regards

Rohde & Schwarz Cybersecurity GmbH