Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hardware TPM Hacked

Posted by Soulskill on from the matter-of-time dept.

BiggerIsBetter writes "Christopher Tarnovsky has pulled off the 'near impossible' TPM hardware hack. We all knew it was only a matter of time; this is why you shouldn't entrust your data to proprietary solutions. From the article: 'The technique can also be used to tap text messages and email belonging to the user of a lost or stolen phone. Tarnovsky said he can't be sure, however, whether his attack would work on TPM chips made by companies other than Infineon. Infineon said it knew this type of attack was possible when it was testing its chips. But the company said independent tests determined that the hack would require such a high skill level that there was a limited chance of it affecting many users. ... The Trusted Computing Group, which sets standards on TPM chips, called the attack "exceedingly difficult to replicate in a real-world environment."'"

6 of 327 comments (clear)

  1. Re:Am I getting old? by jfengel · · Score: 2, Funny

    Yes, it means you're getting old. On the plus side, your memory appears to be in great shape.

  2. Re:surprise surprise by crossmr · · Score: 4, Funny

    I had a similar thought when I read that part of the summary:

    How about you do something crazy and carry on to the actual article (I know.. I forgot where I was)

    The new attack discovered by Christopher Tarnovsky is difficult to pull off, partly because it requires physical access to a computer.....Using off-the-shelf chemicals, Tarnovsky soaked chips in acid to dissolve their hard outer shells. Then he applied rust remover to help take off layers of mesh wiring, to expose the chips' cores. From there, he had to find the right communication channels to tap into using a very small needle.

    Two words: script kiddies.

    You tell me how you're going to pack acid and rust remover into a downloadable tool and I'll worry.

  3. Solution is quite obvious by funkman · · Score: 3, Funny

    Since using technique involves reverse engineering the chip, this is a clear violation of the DMCA. So just find your local attorney and prosecute.

    Problem solved. Nothing to see here move along. Thanks for playing. :)

  4. When I see "TPM hacked" only one thing comes to me by JudgeFurious · · Score: 2, Funny

    Somebody fixed The Phantom Menace? I'd like to see that.

    --
    Appended to the end of comments you post. 120 chars.
  5. Re:Yeah, this is going to be a major problem... by Jeng · · Score: 2, Funny

    LSD doesn't work that way, otherwise the CIA would still be using it.

    Knowing that the password tastes like fuchsia does not help.

    --
    Don't know something? Look it up. Still don't know? Then ask.
  6. Re:Step 1 - decap the chip without killing it by Physics+Dude · · Score: 2, Funny

    Not the kind of thing you're going to do in your kitchen!

    What!? You obviously have never seen my kitchen. ;)