Welcome to p2pnet.net - The original daily p2p and digital news site. Always First!
Tarnovsky hacks the Holiest of Holies

p2pnet view Security:- “It’s sort of doing the impossible. This is a lock on Pandora’s box. And now that he’s pried open the lock, it’s like, ooh, where does it lead you?”

That’s Jeff Moss, founder of the Black Hat security conference and a member of the US Department of Homeland Security’s advisory council, on learning that Christopher Tarnovsky had successfully penetrated the Holiest of Holies — an Infineon TPM chip.

Wikipedia explains:

“In computing, Trusted Platform Module (TPM) is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the ‘TPM chip’ or ‘TPM Security Device’ (as designated in certain Dell BIOS settings). The TPM specification is the work of the Trusted Computing Group.”

The Trusted Computing Group (TCG) followed the Trusted Computing Platform Alliance (TCPA), “an initiative started by AMD, Hewlett-Packard, IBM, Intel, and Microsoft”, says another Wikipedia entry.

“Earlier this week, an engineer presented findings at the Black Hat Conference purportedly showing how a Trusted Platform Module (TPM) could be physically compromised to access unencrypted data inside”, says the group on its home page, going on >>>

Turning on and using the TPM chip is one of the single most cost-effective steps for ensuring robust security in the PC. The TPM was designed to enable trusted online computing and prevent software-based attacks, the predominant security threat impacting IT equipment. At the same time, the TPM also provides a tamper-resistant means to physical security of the PC itself, and has always been billed as such.

But, it hastens to stress, “The Trusted Computing Group has never claimed that a physical attack, given enough time, specialized equipment, know-how and money, was impossible.”

It points out that, unlike a software attack, this kind of hack calls for physical possession of the PC and, moreover, “it was conducted by someone with extensive skills in reverse engineering, intricate knowledge of semiconductors and access to specialized equipment.”

“In addition, breaking a single TPM in this manner grants access to one machine – a one-time hack that would need to be physically replicated for every machine, offering no further advantage in accessing the rest of the 300 million TPM chips on PCs around the world”, it adds.
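The statement above draws a line between a software attacker, who can only use a TPM through its interface, and a physical attacker, who reads the key material out of the chip and gains nothing against any other chip. The following is an added toy model of that split, written for this page; it is not TPM firmware, not code from Infineon, the TCG, Wave Systems or Tarnovsky, and its cipher (an HMAC-SHA256 keystream with an HMAC tag) is a standard-library stand-in for whatever a real TPM uses. The `ToyTPM` class, the attacker functions and the sample secret are all constructed for the illustration.

```python
"""Toy model of the attacker split in the TCG/Wave statement (added
illustration, not TPM firmware or code from the article's sources).

A ToyTPM holds a per-chip storage key that software can only *use* through
seal()/unseal(); there is deliberately no export call.  The physical attack
in the article is modelled as reading the key out of the object directly.
The cipher (HMAC-SHA256 keystream plus HMAC tag) stands in for the real TPM
algorithms and is chosen only so the file runs on the standard library.
"""
import hashlib
import hmac
import secrets
import struct
from typing import Optional

NONCE_LEN = 16   # bytes of random nonce prepended to every sealed blob
TAG_LEN = 32     # bytes of HMAC-SHA256 tag appended to every sealed blob


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in cipher, not a recommendation."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + struct.pack(">I", counter)
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under `key`; output is nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(key, b"seal" + nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def _unseal(key: bytes, blob: bytes) -> bytes:
    """Inverse of _seal; raises ValueError if the blob was sealed under another key."""
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, b"seal" + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("blob was not sealed under this key")
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


class ToyTPM:
    """One chip: a unique storage key and an API that never returns it."""

    def __init__(self) -> None:
        self._storage_key = secrets.token_bytes(32)   # unique per chip, never exported

    def seal(self, plaintext: bytes) -> bytes:
        return _seal(self._storage_key, plaintext)

    def unseal(self, blob: bytes) -> bytes:
        return _unseal(self._storage_key, blob)


def software_attacker(stolen_blob: bytes, attacker_tpm: ToyTPM) -> Optional[bytes]:
    """Software-only attacker: copies the sealed blob off the victim machine.
    All they can do with it is feed it to a chip they control, which rejects it."""
    try:
        return attacker_tpm.unseal(stolen_blob)
    except ValueError:
        return None


def physical_attacker(victim_tpm: ToyTPM) -> bytes:
    """Die-level attack as in the article: the key itself is read out of the chip.
    Modelled here as reaching past the API into the private attribute."""
    return victim_tpm._storage_key


def offline_decrypt(extracted_key: bytes, blob: bytes) -> Optional[bytes]:
    """What an extracted key buys: decryption of that chip's blobs, anywhere."""
    try:
        return _unseal(extracted_key, blob)
    except ValueError:
        return None


def run_demo() -> dict:
    """Constructed scenario: two chips, the same secret sealed by each."""
    chip_a, chip_b = ToyTPM(), ToyTPM()
    secret = b"volume master key (constructed sample)"
    blob_a = chip_a.seal(secret)
    blob_b = chip_b.seal(secret)
    key_a = physical_attacker(chip_a)
    public_api = [name for name in dir(chip_a) if not name.startswith("_")]
    return {
        "api_exports_key": any("key" in name for name in public_api),
        "blob_reveals_secret": secret in blob_a,
        "software_attacker_recovers_secret": software_attacker(blob_a, chip_b) == secret,
        "physical_attack_on_a_recovers_secret": offline_decrypt(key_a, blob_a) == secret,
        "key_from_a_opens_chip_b_blobs": offline_decrypt(key_a, blob_b) == secret,
    }


if __name__ == "__main__":
    for claim, outcome in run_demo().items():
        print(f"{claim:40s} {outcome}")
```

The model makes the same three points the statement does: a copied blob is ciphertext to anyone without the chip, the die-level attacker who reads chip A's key can decrypt everything chip A ever sealed, and that key is useless against blobs sealed by chip B, so each further machine costs the attacker the same six months' effort again.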

‘Your secrets aren’t that safe’

The quote in the intro comes from a New Zealand Herald post on Tarnovsky’s hack, and it has him saying, “You’ve trusted this chip to hold your secrets, but your secrets aren’t that safe.”

Tarnovsky, 38, runs Flylogic security in California and the chip he hacked “is a flagship model from Infineon Technologies AG, the top maker of TPM chips”, says the story, quoting Tarnovsky as saying the technique would work on the entire family of Infineon chips based on the same design.

And, “That includes non-TPM chips used in satellite TV equipment, Microsoft’s Xbox 360 game console and smart phones,” it says, stating >>>

That means his attack could be used to pirate satellite TV signals or make Xbox peripherals, such as handheld controllers, without paying Microsoft a licensing fee, Tarnovsky said. Microsoft confirmed its Xbox 360 uses Infineon chips, but would only say that “unauthorised accessories that circumvent security protocols are not certified to meet our safety and compliance standards.”

The technique can also be used to tap text messages and email belonging to the user of a lost or stolen phone. Tarnovsky said he can’t be sure, however, whether his attack would work on TPM chips made by companies other than Infineon.

He “needed six months to figure out his attack, which requires skill in modifying the tiny parts of the chip without destroying it”, says the NZ Herald, adding:

“Joe Grand, a hardware hacker and president of product- and security-research firm Grand Idea Studio, saw Tarnovsky’s presentation and said it represented a huge advancement that chip companies should take seriously, because it shows that presumptions about security ought to be reconsidered.

“His work is the next generation of hardware hacking,” he says in the story.


New Zealand Herald – Supergeek pulls off ‘near impossible’ crypto chip hack, February 9, 2010



2 Responses to “Tarnovsky hacks the Holiest of Holies”

  1. Quartz Says:

    6 months to figure out?

    I think this guy’s reinventing the wheel: he has either re-enabled a non-masked-off area of a chip using ultraviolet light to enable code reading from it, and is thus able to remove the security code at source, or he is using the newer electron-microscope thermal tracking method, where the function of chips (and thus the function logic) is tracked by following the signal through the IC’s functions or arrays.

    Someone needs to use Google a little more.

  2. Andreas Kuhn Says:

    Wave Systems’ Response to the Presentation at the Black Hat Conference Concerning TPMs

    Earlier this week, an engineer presented findings at the Black Hat Conference purportedly showing how a Trusted Platform Module (TPM) could be physically compromised and the unencrypted code inside accessed. This work is interesting in concept, and actually validates the intended functionality and security model of the TPM. The TPM was designed as a low-cost cryptographic chip for mass market devices to provide protection against software attacks and many hardware attacks. The project presented at Black Hat validates that it would take a skilled researcher many months using expensive equipment to physically hack a single TPM. This would be exceedingly difficult to replicate in a real-world environment.

    Turning on and using the TPM chip is one of the single most cost-effective steps for ensuring robust security in the PC. The TPM enables trusted online computing and prevents software-based attacks—the predominant security threat impacting the security industry. At the same time, the TPM also provides a tamper-resistant means to physical security of the PC itself, and has always been billed as such. The Trusted Computing Group has never claimed that a physical attack—given enough time, specialized equipment, know-how and money—was impossible. No form of security can ever be held to that standard. However, as a tamper-resistant, general purpose encryption device for mass manufacturing, TPMs do protect against software and most hardware attacks even when a physical PC is lost or stolen, particularly when a layered security approach is deployed as with industry best practices.

    This attack, unlike a software attack, requires the physical possession of the PC. Few individuals in a real-world setting could replicate this hack. In contrast, stealing keys in the operating system should a PC not have a TPM in place, is as easy as downloading readily-available shareware capable of capturing the keys or certificates. The TPM, as designed, offers a robust defense against shareware, as well as more complex software-based attacks. In addition, breaking a single TPM in this manner grants access to one machine – a one-time hack that would need to be physically replicated for every machine, offering no further advantage in accessing the rest of the 300 million TPM chips on PCs around the world. These findings have little bearing on the level of security that customers who are utilizing their TPM chips should expect.

    http://www.wave.com/news/press_archive/10/100209_Response.asp
