The Trusted Platform Module is perhaps a little less trustworthy today, following Christopher Tarnovsky's discovery of a physical attack vector.
The previously unassailable Trusted Platform Module - designed to provide cryptographic security to data held on servers and PCs - has been cracked by a California-based hacker.
According to a report in the New Zealand Herald - via Hack a Day - security consultant Christopher Tarnovsky has worked out a way to convince the TPM chip to give up its closely-held secrets.
Revealed at the 2010 Black Hat conference, the hack isn't exactly straightforward: it relies on having both physical access to a TPM-secured machine, and on having a great deal of experience with the physical hacking of semiconductors - something Tarnovsky has in spades.
The process is similar to the way Tarnovsky has cracked other security chips in the past: starting by soaking the chip in acid to dissolve the plastic casing, Tarnovsky then carefully removes the RF-protective mesh to get at the wiring at the heart of the chip. Once exposed, a logic probe with an extremely small needle allows him to find the relevant communication channel - and from there set up a digital eavesdrop.
While it's hardly straightforward, the 'wiretap' allows Tarnovsky to read the instructions used to actually perform the cryptography within the chip - and thus reverse them, allowing for a full bypass of the security the Trusted Platform Module was designed to provide.
Tarnovsky's work involved the Infineon-manufactured TPM chips, one of the most popular models on the market - with modified versions finding their way into set top boxes, Microsoft's Xbox 360 console, and certain smartphones - but the hacker claims that his techniques can be applied to any model of TPM chip with similar success.
For its part, the Trusted Computing Group - behind the Trusted Platform Module - downplays the seriousness of the attack, stating that it is "exceedingly difficult to replicate in a real-world environment" and that the group "never claimed that a physical attack - given enough time, specialised equipment, know-how and money - was impossible."
One thing is for certain: with the Black Hat conference's founder - and member of the US Department of Homeland Security's advisory council - Jeff Moss describing the attack as "amazing" and akin to prying open the lock on Pandora's Box, there are likely to be a lot of security professionals experiencing a few sleepless nights once Tarnovsky's presentation is released to the public.
Are you surprised to see the 'uncrackable' TPM laid bare in this manner, or is it such a ridiculous method of attack that no-one need worry?