Hardware TPM Hacked

BiggerIsBetter writes "Christopher Tarnovsky has pulled off the 'near impossible' TPM hardware hack. We all knew it was only a matter of time; this is why you shouldn't entrust your data to proprietary solutions. From the article: 'The technique can also be used to tap text messages and email belonging to the user of a lost or stolen phone. Tarnovsky said he can't be sure, however, whether his attack would work on TPM chips made by companies other than Infineon. Infineon said it knew this type of attack was possible when it was testing its chips. But the company said independent tests determined that the hack would require such a high skill level that there was a limited chance of it affecting many users. ... The Trusted Computing Group, which sets standards on TPM chips, called the attack "exceedingly difficult to replicate in a real-world environment."'"

surprise surprise

'near impossible'

Shouldn't that be 'near inevitable'?

Infineon said it knew this type of attack was possible when it was testing its chips.

Did they mention this in their marketing and when selling the TPM FUD to governments and companies?

"exceedingly difficult to replicate in a real-world environment."

Meaning only powerful criminal organizations, companies and governments can probably gather the
required resources and people with the expertise to pull it off? Out of 6.8 billion people, how
many have the resources to do this? 1000? 10,000? What about in 5 years?
At what point will they admit its flawed? Probably when TPM2 is fully patented and ready.

Re:When will they learn

[noidentity]

I don't really call any hack that requires "physical access" to be a genuine danger. If someone has physical access to your box you've got greater worries.

Yes, but remember that TPM is about keeping you our of your own computer, so those who would like to do so are worried about this.