TPM chips used for encryption hacked

ABC News is reporting that Christopher Tarnovsky has done what was widely thought to be virtually impossible: he hacked a TPM (Trusted Platform Module) chip. TPMs are regarded as the industry's most secure chips, and computers and servers holding classified data, such as government systems, rely on TPM-based encryption. An estimated 100 million personal computers and servers also contain TPM chips, although many users never turn on the encryption that depends on them. Tarnovsky demonstrated the hack at the Black Hat security conference.

It took Tarnovsky six months to hack a chip produced by Infineon Technologies AG, a leading manufacturer of TPM chips. He believes the technique would work on all Infineon chips of the same design, including non-TPM chips used in the Xbox 360, smartphones and even satellite TV equipment. Whether it also applies to other manufacturers' chips is something Tarnovsky has not yet determined.

Although the hack requires physical access to the chip, a lost or stolen phone gives an attacker exactly that, along with whatever personal data, such as text and email messages, the chip's keys protect. Infineon says the crack is unlikely to affect a large number of users because of the skill level and lab time needed to perform it.

To perform the hack, Tarnovsky first placed the chip in acid to dissolve its outer casing, then used rust remover to strip the layers protecting the core. With a tiny needle he tapped the internal signal paths that carry the "programming instructions" between the chip and the computer's memory. Because he was probing inside the chip's own protective boundary, this traffic was not encrypted, and it gave him a gold mine of information about the encryption technology in use. That is the security-relevant point: the TPM's protections stop at its physical boundary, and data moving across its internal buses is in the clear, so anyone able to probe those buses can read what the chip is designed never to reveal.

The attack is worrisome because it opens the gate for well-funded operatives to try to extract military and trade secrets. According to ABC News, Tarnovsky noted that his attack could also be used to "pirate satellite TV signals or make Xbox peripherals, such as handheld controllers, without paying Microsoft a licensing fee."

Joe Grand, president of Grand Studio Inc. and a hacker himself, summed it up best: "His work is the next generation of hardware hacking."


Here are the YouTube videos relating to the TPM chip hack:
http://www.youtube.com/watch?v=Qk73ye2_g4o
http://www.youtube.com/watch?v=dLtFfZuArQU
http://www.youtube.com/watch?v=EoDQ8rFxuT8&feature=PlayList&p=5A74142D9F317F5A&index=2
http://www.youtube.com/watch?v=7wWIZtWqo8o

http://www.youtube.com/watch?v=t2tPj57zj3A
http://www.youtube.com/watch?v=XPukGhEKZr4
http://www.youtube.com/watch?v=z0Ns62zYM2g
http://www.youtube.com/watch?v=ZCs28xIPKkc

Here is a YouTube video of Christopher Tarnovsky hacking a smartcard chip:

http://www.youtube.com/watch?v=tnY7UVyaFiQ

These guys (TPM people, I mean) really believe that there is absolute security in something designed by our thought? Really?

DARKFiB3R said,
http://caster420.360mods.net/decap.jpg

A "decapped" chip

Any idea what all this TPM chip hack stuff means as far as the Xbox 360?

Is it just for making controllers without a license fee, or can it potentially be used to crack the core system security more easily, so we'd have a way to run XBMC (i.e. homebrew) etc. on it?

make Xbox peripherals, such as handheld controllers, without paying Microsoft a licensing fee.
Now I'm listening.

xSuRgEx said,
He also hacked the Xbox 360 processor not long ago; I am surprised that didn't make front page news.

Isn't that exactly the same thing this article is talking about? The 360 uses TPM also.

Saburac said,

Isn't that exactly the same thing this article is talking about? The 360 uses TPM also.


No, it's not the same. The 360 core and the 360 TPM chip are different.

Raa said,

No, it's not the same. The 360 core and the 360 TPM chip are different.

Maybe, but it sounds like it's the same article we're talking about to me:

http://www.gamepro.com.au/article/334887/processor_used_secure_xbox_360_hacked_claims_researcher/

Edited by Saburac, Feb 10 2010, 1:54am: Why can't I post links here, grrr...

If TPM is all you're using to protect sensitive information then you're wrong. TPM is only one part of the overall security solution you should be implementing.

I agree with Rudy, way too complex a method I think to pose a risk to smaller companies that use TPM for their laptop encryption (time/effort involved versus profit), but for big banks and gov/military this is probably going to be a bit of a worry. I'm sure as the method is perfected it will lead to easier and easier methods.

It was posted in the forum a week or so ago (or maybe a bit more). As I said in the thread, the process is way too complicated for most people to do in their basement, but it could lead to an easier process.