Millions of computers running theRSA security standardcould be
vulnerable to hacking attacks because the design of modern
processors makes it harder to detect bugs.
These flaws could be targeted by hackers to easily overcome
encryption techniques like RSA, which is used worldwide to conduct
on-line payments and transactions, said
Adi Shamir,
the founder of the RSA standard and the "S" in RSA.
He said design flaws which make their way into processors will
become more likely as chip design becomes more complex and because
chipmakers keep design specifications a trade secret,
"Millions of PCs can be attacked simultaneously, without having
to manipulate the operating environment of each one of them
individually", said Shamir in a research note.
Shamir revealed that causing a calculation error would make it
possible for an attacker to break the protection of
public key cryptography. If an intelligence organisation
discovered such an error in a widely used chip, then security
software on a PC with that chip could be "trivially broken with a
single chosen message".
He made no claim that such errors already exist or are already
being exploited but said that the tiniest error in chip design
could have a devastating impact even on public key cryptography if
countermeasures were not taken.
"The main countermeasures had already been deployed by smart
card makers to protect themselves from side channel attacks such as
timing, power and fault attacks. These were not used so far in
PC-based systems since PCs were believed to be immune to such
attacks, and the countermeasures have considerable impact on
performance," he said.
An Intel spokesman said that the flaw was a theoretical one and
required a lot of contingencies and added that the company looked
at everything when it came to processor design.