By Daniel Franke, Infosec Researcher
Akamai is aware of the recently-disclosed "ROCA" vulnerability in cryptographic firmware used in products made by Infineon Technologies. A bug in the firmware's prime-search algorithm used for RSA key generation results in RSA keys that are relatively cheap and inexpensive to factor. The bug impacts Infineon Trusted Platform Modules (TPMs) as well as many smartcards and Hardware Security Modules (HSMs) that use Infineon chips but do not carry Infineon branding, notably including the popular YubiKey 4. In some cases, it may be possible to patch affected devices with an OEM-supplied firmware update. In other cases, the hardware must be replaced.