1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News TPM security cracked wide open

Discussion in 'Article Discussion' started by CardJoe, 10 Feb 2010.

  1. CardJoe

    CardJoe Freelance Journalist

    Joined:
    3 Apr 2007
    Posts:
    11,346
    Likes Received:
    316
  2. Digi

    Digi The not-so-funny Cockney

    Joined:
    23 Nov 2009
    Posts:
    1,600
    Likes Received:
    228
    Depends if he can apply what he learned on how it encrypts to make software that will do it I guess. But I always love seeing these stories, learn something new every time.
     
  3. mjm25

    mjm25 What's a Dremel?

    Joined:
    19 Jan 2009
    Posts:
    507
    Likes Received:
    28
    clever clever guy... and i suspect the most steady hands you've ever seen! he should be a darts player. probably.
     
  4. mclean007

    mclean007 Officious Bystander

    Joined:
    22 May 2003
    Posts:
    2,035
    Likes Received:
    15
    Interesting...

    Having cracked one chip, does that mean he has cracked the entire TPM system, or just that particular model of chip, or just that individual chip? If the latter, not much to worry about; if the entire platform is now compromised, however, it's time to retire it.
     
  5. cjmUK

    cjmUK Old git.

    Joined:
    9 Feb 2004
    Posts:
    2,553
    Likes Received:
    88
    So basically, providing you don't store nuclear secrets on your PC, TPM will continue to be sufficient for your needs.

    If someone manages to gain physical access to machine, take apart the TPM chip, and use a logic probe to digitally eavesdrop, I'd say they are more the welcome to the data on my machine...
     
  6. FeRaL

    FeRaL What's a Dremel?

    Joined:
    27 Sep 2004
    Posts:
    208
    Likes Received:
    0
    Not to sound too negative but, you guys could have done a little research on something as big as this is instead of adding to the sensationalism of it. A little more research would have revealed some more specifics, like that he had to use an electron microscope to pull this hack off.

    BTW this news broke sometime last week... http://mcpmag.com/articles/2010/02/03/black-hat-engineer-cracks-tpm-chip.aspx
     
  7. Neophyte4Life

    Neophyte4Life What's a Dremel?

    Joined:
    24 Feb 2009
    Posts:
    33
    Likes Received:
    2
    I thought this was just assumed since the inception of the TPM chip. When i first learned about it, i was told that it could be cracked with physical access to the chip. This same concept applies with encryption. Your stuff might be safe from digital access but a cold boot attack can retrieve encryption keys. We are putting so much focus of the digital aspects of security that we forget about physical access. Put the freakn thing a steel valut and for the love of God man lock the door. Problem solved.
     
  8. Phil Rhodes

    Phil Rhodes Hypernobber

    Joined:
    27 Jul 2006
    Posts:
    1,415
    Likes Received:
    10
    I'm not sure why this is really news. Yes, obviously, if you're going to go to the lengths of etching the casing off the thing and firing a logic analyser at it, then yes, you can find out what it does and how it does so.

    I'm sure this was indeed assumed since the inception of the TPM chip. All systems like this, from DVD to Blu-Ray to whatever else, where you need to let the person decode the content, are ultimately open to compromise because you must give the user both the encoded material and the means to decode it. The people who design these systems know this. What they're interested in is keeping the amount of compromises down to a bare minimum.

    What's important is that this only really has to be done once in order to produce devices you could either piggyback on top of a compatible device, or produce a replacement device, and circumvent the entire floor show. And it has now been done once.

    P
     
  9. shanky887614

    shanky887614 What's a Dremel?

    Joined:
    13 May 2009
    Posts:
    203
    Likes Received:
    0
    do you know safes can be cracked (in america for example they all have those stupied flat keys like you get on padlocks and you just get a bump key (done a key to nearly every home in america)(this is just a guess as i have never been to america and have never seen one, only ever heard about it
     
  10. Saivert

    Saivert Minimodder

    Joined:
    26 Mar 2005
    Posts:
    390
    Likes Received:
    1
    picking locks is just down the alley from this. some of the computer hackers are also gifted lock pickers.
     
  11. Sparrowhawk

    Sparrowhawk Wetsander

    Joined:
    14 Feb 2004
    Posts:
    584
    Likes Received:
    1
    Indeed. Some of MIT's best are now picking locks, too.
     
  12. Neophyte4Life

    Neophyte4Life What's a Dremel?

    Joined:
    24 Feb 2009
    Posts:
    33
    Likes Received:
    2
    Hire gordan freeman, master chief, and nomad in conjunction with the safe. Now it is fool proof.
     
  13. dark_avenger

    dark_avenger Minimodder

    Joined:
    9 Jul 2008
    Posts:
    1,118
    Likes Received:
    48
    it maybe a very hard hack to redo but now that he has access to the chip the reverse engineering of the chip can begin to find easier ways of hacking it
     
  14. Lazarus Dark

    Lazarus Dark Minimodder

    Joined:
    14 Apr 2006
    Posts:
    360
    Likes Received:
    0
    awe. You had my hopes up. TPM is a vile platform and I've longed for it's demise since before the first chips were produced...

    But unless this physical hack can somehow lead to a software hack, then it's only use is if you happen to come into possession of a computer you're sure has valuable secrets.
     
  15. dec

    dec [blank space]

    Joined:
    10 Jan 2009
    Posts:
    323
    Likes Received:
    12
    :lol: no matter how much code you write it still cant stop acid.....until the code turns into skynet
     
  16. paisa666

    paisa666 I WILL END YOU!!!

    Joined:
    4 Mar 2009
    Posts:
    810
    Likes Received:
    42
    I rather ask who's on charge of that server, kidnap the guy and punch the heck out of him til he gives me the codes.

    I asure you is a faster and more effective method :)
     
  17. livesabitch

    livesabitch life is what you make it!

    Joined:
    8 Oct 2009
    Posts:
    123
    Likes Received:
    1
    AGRRED! :p
     
  18. thehippoz

    thehippoz What's a Dremel?

    Joined:
    19 Dec 2008
    Posts:
    5,780
    Likes Received:
    174
    =] nice.. some engineer is doing a face plant right now- into some security guards ass as the boss goes balmer on him
     
Tags: Add Tags

Share This Page