Two security researchers from hardware wallet maker Ledger have unveiled vulnerabilities in Hardware Security Modules (HSMs).
The French security researchers discuss HSM hacking in their research paper.
The research will be presented at Black Hat USA 2019 in August. This highly technical presentation targets an HSM manufactured by a vendor whose solutions are usually found in major banks and large cloud service providers. It will demonstrate several attack paths, some of them allowing unauthenticated attackers to take full control of the HSM.
The presented attacks allow retrieving all HSM secrets remotely, including cryptographic keys and administrator credentials. Finally, we exploit a cryptographic bug in the firmware signature verification to upload a modified firmware to the HSM. This firmware includes a persistent backdoor that survives a firmware update.