TPM security cracked wide open
The Trusted Platform Module is perhaps a little less trustworth today, following Christopher Tarnovsky's discovery of a physical attack vector.
According to a report in the New Zealand Herald - via Hack a Day - security consultant Christopher Tarnovsky has worked out a way to convince the TPM chip to give up its closely-held secrets.
Revealed at the 2010 Black Hat conference, the hack isn't exactly straightforward: it relies on having both physical access to a TPM-secured machine, and on having a great deal of experience with the physical hacking of semiconductors - something Tarnovsky has in spades.
The process is similar to the way Tarnovsky has cracked other security chips in the past: starting by soaking the chip in acid to dissolve the plastic casing, Tarnovsky then carefully removes the RF-protective mesh to get at the wiring at the heart of the chip. Once exposed, a logic probe with an extremely small needle allows him to find the relevant communication channel - and from there set up a digital eavesdrop.
While it's hardly straightforward, the 'wiretap' allows Tarnovsky to read the instructions used to actually perform the cryptography within the chip - and thus reverse them, allowing for a full bypass of the security the Trusted Platform Module was designed to provide.
Tarnovsky's work involved the Infineon-manufactured TPM chips, one of the most popular models on the market - with modified versions finding their way into set top boxes, Microsoft's Xbox 360 console, and certain smartphones - but the hacker claims that his techniques can be applied to any model of TPM chip with similar success.
For its part, the Trusted Computing Group - behind the Trusted Platform Module - downplays the seriousness of the attack, stating that it is "exceedingly difficult to replicate in a real-world environment" and states that it "never claimed that a physical attack - given enough time, specialised equipment, know-how and money - was impossible."
One thing is for certain: with the Black Hat conference's founder - and member of the US Department of Homeland Security's advisory council - Jeff Moss describing the attack as "amazing" and akin to prying open the lock on Pandora's Box, there's likely to be a lot of security professionals experiencing a few sleepless nights once the Tarnovsky's presentation is released to the public.
Are you surprised to see the 'uncrackable' TPM laid bare in this manner, or is it such a ridiculous method of attack that no-one need worry? Share your thoughts over in the forums.
Previous Article
17 Comments
Discuss in the forums ReplyHaving cracked one chip, does that mean he has cracked the entire TPM system, or just that particular model of chip, or just that individual chip? If the latter, not much to worry about; if the entire platform is now compromised, however, it's time to retire it.
If someone manages to gain physical access to machine, take apart the TPM chip, and use a logic probe to digitally eavesdrop, I'd say they are more the welcome to the data on my machine...
BTW this news broke sometime last week... http://mcpmag.com/articles/2010/02/03/black-hat-engineer-cracks-tpm-chip.aspx
I'm sure this was indeed assumed since the inception of the TPM chip. All systems like this, from DVD to Blu-Ray to whatever else, where you need to let the person decode the content, are ultimately open to compromise because you must give the user both the encoded material and the means to decode it. The people who design these systems know this. What they're interested in is keeping the amount of compromises down to a bare minimum.
What's important is that this only really has to be done once in order to produce devices you could either piggyback on top of a compatible device, or produce a replacement device, and circumvent the entire floor show. And it has now been done once.
P
do you know safes can be cracked (in america for example they all have those stupied flat keys like you get on padlocks and you just get a bump key (done a key to nearly every home in america)(this is just a guess as i have never been to america and have never seen one, only ever heard about it
Indeed. Some of MIT's best are now picking locks, too.
Hire gordan freeman, master chief, and nomad in conjunction with the safe. Now it is fool proof.
But unless this physical hack can somehow lead to a software hack, then it's only use is if you happen to come into possession of a computer you're sure has valuable secrets.
I asure you is a faster and more effective method :)
AGRRED! :-P