Black Hat: Researcher claims hack of chip used to secure computers, smartcards
Network World - ARLINGTON, VA. -- A researcher with expertise in hacking hardware Tuesday detailed at the Black Hat DC conference how it's possible to subvert the security of a processor used to protect computers, smartcards and even Microsoft's Xbox 360 gaming system.
Christopher Tarnovsky, a researcher at Flylogic Engineering, said he has hacked an Infineon SLE 66 CL PC processor that is also used with Trusted Platform Module (TPM) chips. He emphasized that his research shows TPM, which was developed as an industry specification for hardware-based computer security by the Trusted Computing Group and has been implemented in hardware by Infineon and other manufacturers, is not as secure as presumed. TPM can be used for a wide variety of purposes, including storage of encryption keys and is used with Microsoft's BitLocker encryption technology.
"The TPM 1.2 chip is not as secure as the vendor tries to tell you it is," Tarnovsky said. "I can recover all your secrets inside this chip. Your keys to the Xbox 360, the licensing chip," plus the RSA cryptoengine, if it's used. "There's nothing in this device I can't see."
Tarnovsky's method, as he described it, entailed jumping the wire into the internal circuitry of the Infineon chips to create a bypass into the core. Tarnovsky acknowledged it took him six months to figure out how to effectively penetrate it, which required bypassing circuitry on chips he purchased inexpensively from Chinese manufacturers.
Tarnovsky's examination process involved subtle use of hardware-based liquid chemical and gas technologies in a lab setting to probe with specialized needles to build tungsten bridges. "Once I'm physically through the device, I have to eavesdrop on the databus," he said, adding "I can sit in the databus and listen." At this point, it now takes him about six hours to break the licensing keys to the XBox 360.
Tarnovsky, with the excruciating detail of a surgeon discussing a heart bypass operation, said he had shared his findings with Infineon. But he said that over the past month the company appeared to have dropped contact with him after he informed Infineon how he had hacked TPM, even though he had shared source code with them to prove what progress he had made in subverting the Infineon smartcard processor.
Speaking with reporters, Tarnovsky said Infineon had claimed the type of exploit he did wasn't really possible. But the fact that it can be done raises serious questions about security in TPM modules that should be addressed by the industry, he pointed out, adding two other manufacturers make TPM modules and he may be examining their products next. He acknowledged his hardware-hacking methods are probably not easy to duplicate and he doesn't plan to share them widely.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts