Trusted Platform Module Cracked

February 9th, 2010

I’m not posting this because I think that it represents much of a threat to average computer users, but because Tarnovsky’s crack is astonishing. I’ve been around hardware hackers before and read the stories for years… But this one has to be close to taking the cake.

Via: AP / ABC:

Tarnovsky needed six months to figure out his attack, which requires skill in modifying the tiny parts of the chip without destroying it.

Using off-the-shelf chemicals, Tarnovsky soaked chips in acid to dissolve their hard outer shells. Then he applied rust remover to help take off layers of mesh wiring, to expose the chips’ cores. From there, he had to find the right communication channels to tap into using a very small needle.

The needle allowed him to set up a wiretap and eavesdrop on all the programming instructions as they are sent back and forth between the chip and the computer’s memory. Those instructions hold the secrets to the computer’s encryption, and he didn’t find them encrypted because he was physically inside the chip.

Even once he had done all that, he said he still had to crack the “huge problem” of figuring out how to avoid traps programmed into the chip’s software as an extra layer of defense.

“This chip is mean, man — it’s like a ticking time bomb if you don’t do something right,” Tarnovsky said.

Joe Grand, a hardware hacker and president of product- and security-research firm Grand Idea Studio Inc., saw Tarnovsky’s presentation and said it represented a huge advancement that chip companies should take seriously, because it shows that presumptions about security ought to be reconsidered.

“His work is the next generation of hardware hacking,” Grand said.
