Slashdot Mirror


Hardware TPM Hacked

BiggerIsBetter writes "Christopher Tarnovsky has pulled off the 'near impossible' TPM hardware hack. We all knew it was only a matter of time; this is why you shouldn't entrust your data to proprietary solutions. From the article: 'The technique can also be used to tap text messages and email belonging to the user of a lost or stolen phone. Tarnovsky said he can't be sure, however, whether his attack would work on TPM chips made by companies other than Infineon. Infineon said it knew this type of attack was possible when it was testing its chips. But the company said independent tests determined that the hack would require such a high skill level that there was a limited chance of it affecting many users. ... The Trusted Computing Group, which sets standards on TPM chips, called the attack "exceedingly difficult to replicate in a real-world environment."'"

3 of 327 comments

  1. Re:surprise surprise by Bacon+Bits · Score: 4, Interesting

    You didn't even read the article, did you? This was a hardware hack.

    Tarnovsky needed six months to figure out his attack, which requires skill in modifying the tiny parts of the chip without destroying it.

    Using off-the-shelf chemicals, Tarnovsky soaked chips in acid to dissolve their hard outer shells. Then he applied rust remover to help take off layers of mesh wiring, to expose the chips' cores. From there, he had to find the right communication channels to tap into using a very small needle.

    The needle allowed him to set up a wiretap and eavesdrop on all the programming instructions as they are sent back and forth between the chip and the computer's memory.

    It also amuses me that TFS makes the point of blaming "proprietary" solutions. Exactly how would this attack have been prevented by using open source?

    --
    The road to tyranny has always been paved with claims of necessity.
  2. Re:CHALLENGE TO TARNOVSKY by rochberg · Score: 3, Interesting

    I've seen this article in a few places (see also here) and discussed it with some colleagues (one of whom was a consultant on the design of the TPM). We had the same suspicions regarding whether or not it was an Infineon TPM or a clone.

    Regarding the key question, I don't think he has actually been able to extract the endorsement key. I believe the attack is just about extracting keys generated and stored on the TPM. For instance, the CW article refers to the "licensing keys." My impression is that these are keys used by the software to ensure the Xbox 360 hasn't been modded. I don't believe you would use the endorsement key in this instance. Unfortunately, none of the articles are clear on this point.
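    The doubt raised above about whether the chip was a genuine Infineon TPM or a clone, together with the article's own caveat that the attack may not transfer to other makers' chips, makes the vendor of a deployed TPM the first thing a defender would want to confirm. The following is an added example, not part of this thread or of any project's code: it decodes the manufacturer ID and vendor strings from text in the shape of `tpm2_getcap properties-fixed` output (tpm2-tools). The sample output is constructed and the exact line layout is my assumption about that tool's format; the vendor-ID table holds the TCG-registered short IDs I am confident of, and any other ID is reported as unknown rather than guessed.

```python
import re
import sys

# Constructed sample in the shape of `tpm2_getcap properties-fixed` output
# (assumption about the exact layout; the values are made up for this example).
SAMPLE_OUTPUT = """\
TPM2_PT_FAMILY_INDICATOR:
  raw: 0x322E3000
  value: "2.0"
TPM2_PT_LEVEL:
  raw: 0
TPM2_PT_MANUFACTURER:
  raw: 0x49465800
  value: "IFX"
TPM2_PT_VENDOR_STRING_1:
  raw: 0x534C4239
  value: "SLB9"
TPM2_PT_VENDOR_STRING_2:
  raw: 0x36373000
  value: "670"
TPM2_PT_VENDOR_STRING_3:
  raw: 0
TPM2_PT_VENDOR_STRING_4:
  raw: 0
"""

# TCG-registered manufacturer IDs: four ASCII bytes packed into a 32-bit
# property, NUL padded. Only IDs I am sure of are listed.
VENDOR_IDS = {
    "IFX": "Infineon",
    "INTC": "Intel",
    "STM": "STMicroelectronics",
    "NTC": "Nuvoton",
    "AMD": "AMD",
    "MSFT": "Microsoft (virtual TPM)",
}

# One property block: a TPM2_PT_* name on its own line, then an indented
# "raw:" line carrying a hex or decimal integer.
_PROP_RE = re.compile(r"^(TPM2_PT_\w+):\s*\n\s*raw:\s*(0x[0-9A-Fa-f]+|\d+)", re.MULTILINE)


def parse_fixed_properties(text):
    """Map each TPM2_PT_* property name found in the text to its raw integer value."""
    return {name: int(raw, 0) for name, raw in _PROP_RE.findall(text)}


def decode_vendor_bytes(raw):
    """Render a 32-bit property as the ASCII string packed into it (big-endian),
    dropping the NUL padding; unmapped bytes become U+FFFD instead of raising."""
    return raw.to_bytes(4, "big").decode("ascii", errors="replace").rstrip("\x00")


def tpm_vendor_summary(text):
    """Return the manufacturer ID, its vendor name, and the concatenated
    vendor string (VENDOR_STRING_1..4) from properties-fixed style text."""
    props = parse_fixed_properties(text)
    mfr = decode_vendor_bytes(props.get("TPM2_PT_MANUFACTURER", 0))
    parts = [
        decode_vendor_bytes(props.get(f"TPM2_PT_VENDOR_STRING_{i}", 0))
        for i in range(1, 5)
    ]
    return {
        "manufacturer_id": mfr,
        "vendor_name": VENDOR_IDS.get(mfr, "unknown vendor ID"),
        "vendor_string": "".join(parts),
    }


if __name__ == "__main__":
    # Read piped tool output if there is any; otherwise run on the constructed sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OUTPUT
    for key, value in tpm_vendor_summary(text).items():
        print(f"{key}: {value}")
```

    On a host with tpm2-tools installed, `tpm2_getcap properties-fixed | python3 tpm_vendor.py` runs the same decoding over the live chip's properties. The manufacturer ID says who made the chip; it does not say whether a given attack applies, so the result is the starting point for checking a vendor's own advisories, not a verdict.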

  3. Re:surprise surprise by DarkOx · Score: 3, Interesting

    Right, but outside the fire safes you get at a home center, most safes and strongboxes are designed such that they are difficult to remove from the site. They may be very heavy, requiring equipment to move, fastened from the inside, etc. In the case of laptops and phones, virtually any situation in which this sort of attack will be used is one where the unit's whereabouts are not known to the owner, which makes it pretty hard to respond to. The big selling point of TPM was that if your device goes missing it's a brick to whomever finds it; this sorta makes that untrue.

    Yes, you make your laptop useless to the typical thief, but as far as corporate espionage, government records leaking, etc. go, this makes TPM a pretty poor defense. Yes, I realize it's supposed to be one line of defense, but when things like the keys to your disk encryption are stored there, those remaining lines are not much of a hurdle.

    --
    Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html