Exposing Vulnerabilities in Hardware Security Modules: Risks to Cryptographic Key Management and Bitcoin Security

03.04.2025

A vulnerability in SafeNet’s Hardware Security Modules (HSMs), widely used for cryptographic key management, was discovered by Cem Paya, Chief Security Officer at Gemini. This flaw allowed attackers to brute-force secret keys, compromising both public and private keys that were supposed to remain securely stored within the device. SafeNet released a fix for this “high severity” issue, emphasizing the importance of updating affected devices.

HSMs are tamper-resistant devices designed to protect cryptographic keys for governments, banks, and payment systems. They have been adopted in the Bitcoin industry as part of cold storage solutions, offering enhanced security compared to software wallets. However, this vulnerability highlighted the risks even in specialized hardware. Despite the flaw, HSMs remain a best practice for managing cryptographic keys due to their robust security measures, such as self-destruction mechanisms and air-gapped deployment.

Gemini and other companies continue to use HSMs for Bitcoin key storage while advocating for layered security strategies to mitigate risks. This incident underscores the need for rigorous implementation and regular updates to ensure optimal protection against emerging threats.

Summary:

A critical vulnerability in SafeNet HSMs allowed attackers to extract cryptographic keys, posing risks for Bitcoin security. While SafeNet released a patch to address the issue, the incident demonstrated that even advanced hardware solutions require diligent management and updates. Despite this flaw, HSMs are still considered a best practice for safeguarding cryptographic keys in Bitcoin systems.

The key findings from the research on hacking Hardware Security Modules (HSMs) include:

  1. Vulnerability Exploitation: Researchers demonstrated that HSMs, despite being considered highly secure, can be vulnerable to hacking. They used legitimate software development kit (SDK) access to upload a firmware module, gaining a shell inside the HSM. This allowed them to exploit buffer overflows in the PKCS#11 implementation, which is a standard for cryptographic tokens[1][2].
  2. Remote Access and Key Extraction: The researchers showed that it is possible to remotely exploit these vulnerabilities, allowing attackers to retrieve all HSM secrets, including cryptographic keys and administrator credentials. This can be done by calling the PKCS#11 driver from the host machine[1][2].
  3. Persistent Backdoor: The attack included creating a persistent backdoor by uploading unsigned firmware. This backdoor remains even after a firmware update, posing a long-term security risk[1][2].
  4. Compliance Does Not Ensure Security: The research highlighted that compliance with security standards, such as FIPS 140-2 Level 3, does not guarantee the security of an HSM. The attacked HSM was compliant with these standards yet still vulnerable[1].
  5. Technical Challenges and Solutions: The researchers faced several technical challenges, including finding exploitable buffer overflows and bypassing access controls. They overcame these by using fuzzing techniques and exploiting firmware signature verification bugs[2].

The specific vulnerabilities exploited in the HSM attacks include:

  1. Buffer Overflows in PKCS#11 Implementation: Researchers used a fuzzer to identify exploitable buffer overflows in the PKCS#11 commands. These overflows could be exploited from outside the HSM by calling the PKCS#11 driver from the host machine[1][5].
  2. Code Execution and Firmware Signature Verification Bugs: Attackers exploited code execution vulnerabilities and a bug in firmware signature verification to upload modified firmware. This allowed them to install a persistent backdoor, even after a firmware update[1][2][3].
  3. API Design Flaws: Faults in API specifications can lead to the extraction of sensitive information. Non-compliant implementations and incorrect usage of cryptographic mechanisms also weaken security[4].
  4. Memory Corruption Bugs: The Ledger Security Team found 14 vulnerabilities, including memory corruption bugs similar to Heartbleed, which could leak sensitive data such as keys. They also exploited a type confusion during deserialization to gain remote code execution[3].
  5. Firmware Update Mechanism Flaws: Researchers reverse-engineered the update mechanism to bypass firmware signatures, allowing malicious updates and persistent backdoors[3].
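The two memory-safety bug classes named above (a length-driven buffer overflow in a PKCS#11 command handler, and a Heartbleed-style over-read where the declared length exceeds the bytes actually sent) both come down to trusting an attacker-supplied length field. The following is an added example, not code from any of the cited research or from a real HSM: it parses a constructed, toy attribute-template encoding (not the real PKCS#11 wire format) and shows the two bounds checks a hardened handler needs.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed wire format for a toy attribute-setting command, loosely modelled
 * on a PKCS#11 attribute template (NOT a real PKCS#11 encoding):
 *   repeated [u32 type, LE][u32 value_len, LE][value_len bytes of value]      */
#define MAX_ATTR_VALUE 32
#define MAX_ATTRS 4
typedef struct { uint32_t type; uint32_t len; uint8_t value[MAX_ATTR_VALUE]; } attr_t;

static uint32_t rd_u32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns the number of attributes parsed, or -1 if the message is malformed.
 * The two length checks address the bug classes named in the findings above:
 *  (a) attacker-declared length vs the fixed destination buffer (overflow);
 *  (b) declared length vs bytes actually present (Heartbleed-style over-read). */
int parse_attrs(const uint8_t *msg, size_t msg_len, attr_t *out, size_t max_out) {
    size_t off = 0, n = 0;
    while (off < msg_len) {
        if (msg_len - off < 8) return -1;            /* truncated header */
        uint32_t type = rd_u32(msg + off);
        uint32_t len  = rd_u32(msg + off + 4);
        off += 8;
        if (len > MAX_ATTR_VALUE) return -1;         /* check (a) */
        if (len > msg_len - off) return -1;          /* check (b) */
        if (n >= max_out) return -1;                 /* too many attributes */
        out[n].type = type;
        out[n].len  = len;
        memcpy(out[n].value, msg + off, len);        /* safe: len bounded by (a) and (b) */
        off += len;
        n++;
    }
    return (int)n;
}

/* Constructed sample messages, one per parser path. */
static int run(const uint8_t *m, size_t n) { attr_t a[MAX_ATTRS]; return parse_attrs(m, n, a, MAX_ATTRS); }
int demo_valid(void) {        /* two well-formed attributes -> 2 */
    const uint8_t m[] = { 1,0,0,0, 3,0,0,0, 'a','b','c', 2,0,0,0, 1,0,0,0, 'x' };
    return run(m, sizeof m);
}
int demo_oversized(void) {    /* declares a 4096-byte value -> -1 via check (a) */
    const uint8_t m[] = { 1,0,0,0, 0,0x10,0,0, 'a' };
    return run(m, sizeof m);
}
int demo_overread(void) {     /* declares 20 bytes, supplies 4 -> -1 via check (b) */
    const uint8_t m[] = { 1,0,0,0, 20,0,0,0, 1,2,3,4 };
    return run(m, sizeof m);
}
```

Fuzzing a handler like this with random length fields is exactly how the researchers located the real bugs; a handler missing either check will crash or leak under such inputs, while this one returns -1.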

Citations for the specific vulnerabilities list:
[1] https://cert.europa.eu/publications/threat-intelligence/threat-memo-190612-1/pdf
[2] https://social.cyware.com/news/vulnerabilities-in-hardware-security-modules-hsms-allow-attackers-to-retrieve-sensitive-data-3002e405
[3] https://www.ledger.com/blog/blackhat2019-presentation
[4] https://mobilityrockstars.com/wp-content/uploads/2022/01/HSM-Whitepaper_v2_2022_Cognizant-Mobility_Eduard-Pop.pdf
[5] https://prohoster.info/en/blog/novosti-interneta/uyazvimosti-v-hsm-modulyah-kotorye-mogut-privesti-k-atake-na-klyuchi-shifrovaniya
[6] https://www.entrust.com/blog/2019/06/entrust-response-to-sstic-hsm-security-vulnerability
[7] https://supportportal.thalesgroup.com/csm?id=kb_article_view&sys_kb_id=5c18186b478aa950128dca72e36d4391&sysparm_article=KB0027106
[8] https://www.code-intelligence.com/blog/protect-your-hardware-security-module-against-edge-cases

Citations for the key findings list:
[1] https://cert.europa.eu/publications/threat-intelligence/threat-memo-190612-1/pdf
[2] https://www.schneier.com/blog/archives/2019/06/hacking_hardwar.html
[3] https://ceur-ws.org/Vol-3402/paper10.pdf
[4] https://biztechmagazine.com/glossary/what-is-hardware-security-module
[5] https://www.darkreading.com/identity-access-management-security/researchers-discover-way-to-hack-hardware-security-module-gain-access-to-cryptographic-keys
[6] https://www.fortinet.com/uk/resources/cyberglossary/hardware-security-module
[7] https://utimaco.com/current-topics/blog/role-of-hsm-in-public-key-infrastructure