Banks, cloud providers, governments could be impacted by major HSM vulnerabilities.

Two security researchers have recently revealed vulnerabilities that can be exploited remotely to retrieve sensitive data stored inside special computer components known as HSMs (Hardware Security Modules). “The presented attacks allow retrieving all HSM secrets remotely, including cryptographic keys and administrator credentials,” researchers said. Furthermore, the two also said they can “exploit a cryptographic bug in the firmware signature verification to upload a modified firmware to the HSM.”

Source: ZDNet