Hardware Security Module - Executing Unsigned Code in HSM TEE

...In this session, we will introduce a novel attack against verification code of digital signature scheme provided by Gemalto (ex. SafeNet) company in their Hardware Security Module - LunaSP. By abusing it, we are able to execute arbitrary, unsigned code within the LunaSP HSM protected application layer. Due to the nature of the issue, we think that similar attacks could be propagated to other systems as well.

By: Przemyslaw Duda

Full Abstract: https://www.blackhat.com/eu-21/briefings/schedule/#hardware-security-module---executing-unsigned-code-in-hsm-tee-24960