Moxa Industrial Computers Physical Attack Vulnerability Allowing Offline Decryption of eMMC Contents
Vulnerability
A physical attack vulnerability has been identified in certain Moxa industrial computers running Moxa Industrial Linux 3. These computers use TPM-backed LUKS full-disk encryption, with the discrete TPM connected to the CPU via an SPI bus. Exploitation of this vulnerability requires invasive physical access, including opening the device and attaching external equipment to the SPI bus to capture TPM communications. If successful, the captured data could allow offline decryption of the eMMC contents. This vulnerability cannot be exploited remotely and requires extended physical access, possession of the device, appropriate equipment, and sufficient time for signal capture and analysis.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive data stored on the eMMC, allowing for offline decryption and potential exposure of confidential information.
Remediation
Users can update to the latest security patch, which is available through Moxa Technical Support. After applying the patch, the system must be rebooted to complete the update.
