p2pnet view Security: “It’s sort of doing the impossible. This is a lock on Pandora’s box. And now that he’s pried open the lock, it’s like, ooh, where does it lead you?”
That’s Jeff Moss, founder of the Black Hat security conference and a member of the US Department of Homeland Security’s advisory council, on learning that Christopher Tarnovsky had successfully penetrated the Holiest of Holies — an Infineon TPM chip.
Wikipedia explains:
“In computing, Trusted Platform Module (TPM) is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the ‘TPM chip’ or ‘TPM Security Device’ (as designated in certain Dell BIOS settings). The TPM specification is the work of the Trusted Computing Group.”
The Trusted Computing Group (TCG) followed the Trusted Computing Platform Alliance (TCPA), “an initiative started by AMD, Hewlett-Packard, IBM, Intel, and Microsoft”, says another Wikipedia post.
“Earlier this week, an engineer presented findings at the Black Hat Conference purportedly showing how a Trusted Platform Module (TPM) could be physically compromised to access unencrypted data inside”, says the group on its home page, going on >>>
Turning on and using the TPM chip is one of the single most cost-effective steps for ensuring robust security in the PC. The TPM was designed to enable trusted online computing and prevent software-based attacks, the predominant security threat impacting IT equipment. At the same time, the TPM also provides a tamper-resistant means of physical security for the PC itself, and has always been billed as such.
But, it hastens to stress, “The Trusted Computing Group has never claimed that a physical attack (given enough time, specialized equipment, know-how and money) was impossible.”
It points out that, unlike a software attack, this kind of hack calls for physical possession of the PC and, moreover, “it was conducted by someone with extensive skills in reverse engineering, intricate knowledge of semiconductors and access to specialized equipment.”
“In addition, breaking a single TPM in this manner grants access to one machine – a one-time hack that would need to be physically replicated for every machine, offering no further advantage in accessing the rest of the 300 million TPM chips on PCs around the world”, it adds.
‘Your secrets aren’t that safe’
The quote in the intro comes from a New Zealand Herald post on Tarnovsky’s hack, and it has him saying, “You’ve trusted this chip to hold your secrets, but your secrets aren’t that safe.”
Tarnovsky, 38, runs Flylogic security in California and the chip he hacked “is a flagship model from Infineon Technologies AG, the top maker of TPM chips”, says the story, quoting Tarnovsky as saying the technique would work on the entire family of Infineon chips based on the same design.
And, “That includes non-TPM chips used in satellite TV equipment, Microsoft’s Xbox 360 game console and smart phones,” it says, stating >>>
That means his attack could be used to pirate satellite TV signals or make Xbox peripherals, such as handheld controllers, without paying Microsoft a licensing fee, Tarnovsky said. Microsoft confirmed its Xbox 360 uses Infineon chips, but would only say that “unauthorised accessories that circumvent security protocols are not certified to meet our safety and compliance standards.”
The technique can also be used to tap text messages and email belonging to the user of a lost or stolen phone. Tarnovsky said he can’t be sure, however, whether his attack would work on TPM chips made by companies other than Infineon.
He “needed six months to figure out his attack, which requires skill in modifying the tiny parts of the chip without destroying it”, says the NZ Herald, adding:
“Joe Grand, a hardware hacker and president of product- and security-research firm Grand Idea Studio, saw Tarnovsky’s presentation and said it represented a huge advancement that chip companies should take seriously, because it shows that presumptions about security ought to be reconsidered.
“His work is the next generation of hardware hacking,” he says in the story.
New Zealand Herald – Supergeek pulls off ‘near impossible’ crypto chip hack, February 9, 2010