
Tarnovsky hacks the Holiest of Holies

Tuesday, February 9, 2010 7:02 PST -08:00   News  


“It’s sort of doing the impossible. This is a lock on Pandora’s box. And now that he’s pried open the lock, it’s like, ooh, where does it lead you?”

That’s Jeff Moss, founder of the Black Hat security conference and a member of the US Department of Homeland Security’s advisory council, on learning that Christopher Tarnovsky had successfully penetrated the Holiest of Holies: an Infineon TPM chip.

Wikipedia explains:

“In computing, Trusted Platform Module (TPM) is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the ‘TPM chip’ or ‘TPM Security Device’ (as designated in certain Dell BIOS settings). The TPM specification is the work of the Trusted Computing Group.”

The Trusted Computing Group (TCG) succeeded the Trusted Computing Platform Alliance (TCPA), “an initiative started by AMD, Hewlett-Packard, IBM, Intel, and Microsoft”, says another Wikipedia entry.

“Earlier this week, an engineer presented findings at the Black Hat Conference purportedly showing how a Trusted Platform Module (TPM) could be physically compromised to access unencrypted data inside”, says the group on its home page, going on >>>

Turning on and using the TPM chip is one of the single most cost-effective steps for ensuring robust security in the PC. The TPM was designed to enable trusted online computing and prevent software-based attacks, the predominant security threat impacting IT equipment. At the same time, the TPM also provides a tamper-resistant means to physical security of the PC itself, and has always been billed as such.

But, it hastens to stress, “The Trusted Computing Group has never claimed that a physical attack (given enough time, specialized equipment, know-how and money) was impossible.”

It points out that, unlike a software attack, this kind of hack requires physical possession of the PC and, moreover, “it was conducted by someone with extensive skills in reverse engineering, intricate knowledge of semiconductors and access to specialized equipment.”

“In addition, breaking a single TPM in this manner grants access to one machine – a one-time hack that would need to be physically replicated for every machine, offering no further advantage in accessing the rest of the 300 million TPM chips on PCs around the world”, it adds.

‘Your secrets aren’t that safe’

The quote in the intro comes from a New Zealand Herald post on Tarnovsky’s hack, and it has him saying, “You’ve trusted this chip to hold your secrets, but your secrets aren’t that safe.”

Tarnovsky, 38, runs Flylogic security in California and the chip he hacked “is a flagship model from Infineon Technologies AG, the top maker of TPM chips”, says the story, quoting Tarnovsky as saying the technique would work on the entire family of Infineon chips based on the same design.

And, “That includes non-TPM chips used in satellite TV equipment, Microsoft’s Xbox 360 game console and smart phones,” it says, stating >>>

That means his attack could be used to pirate satellite TV signals or make Xbox peripherals, such as handheld controllers, without paying Microsoft a licensing fee, Tarnovsky said. Microsoft confirmed its Xbox 360 uses Infineon chips, but would only say that “unauthorised accessories that circumvent security protocols are not certified to meet our safety and compliance standards.”

The technique can also be used to tap text messages and email belonging to the user of a lost or stolen phone. Tarnovsky said he can’t be sure, however, whether his attack would work on TPM chips made by companies other than Infineon.

He “needed six months to figure out his attack, which requires skill in modifying the tiny parts of the chip without destroying it”, says the NZ Herald, adding:

“Joe Grand, a hardware hacker and president of product- and security-research firm Grand Idea Studio, saw Tarnovsky’s presentation and said it represented a huge advancement that chip companies should take seriously, because it shows that presumptions about security ought to be reconsidered.”

“His work is the next generation of hardware hacking,” Grand says in the story.
