Major HSM vulnerabilities impact banks, cloud providers, governments

Using a hardware security device (e.g. USB cryptowallet)? You’ll probably want to check if any updates are available…:


The duo, made up by Gabriel Campana and Jean-Baptiste Bédrune, said they reported the findings to the HSM maker, which “published firmware updates with security fixes.”

The two did not name the vendor, but the team behind the Cryptosense security audit software pointed out that the vendor may be Gemalto, which issued a security update last month for its Sentinel LDK, an API for managing hardware keys on HSM components.


Original article here