ABC News is reporting that Christopher Tarnovsky did what was thought to be virtually impossible: he managed to hack TPM (Trusted Platform Module) chips. TPM chips are regarded as the industry's most secure, and computers and servers holding classified data, such as government systems, use TPM encryption technology. An estimated 100 million personal computers and servers also contain TPM chips, although users may never turn on the encryption when first using the machine. Tarnovsky demonstrated the hack at the Black Hat security conference.
It took Tarnovsky six months to hack a chip produced by Infineon Technologies AG, a leading manufacturer of TPM chips. He believes the technique would work on all Infineon chips of the same design, including non-TPM chips used in the Xbox 360, smart phones, and even satellite TV equipment. Tarnovsky isn't sure whether the hack works solely on Infineon chips or on other brands as well.
Although the hack requires physical access to the TPM device, lost or stolen phones provide an excellent way for hackers to tap into personal data, such as text and email messages. Infineon claims the crack has little chance of affecting a large number of users, due to the skill level required to perform such an attack.
To perform the hack, Tarnovsky first placed the chips in acid. This dissolved the outer shell. He then used rust remover to get to the core. A tiny needle allowed him to tap into the "programming instructions" between the chip and the computer's memory. These instructions, which were not encrypted since he was inside the chip, provided a gold mine of info on the encryption technology used.
The attack is worrisome, since it opens the gate for highly financed operatives to attempt to acquire military and trade secrets. According to ABC News, Tarnovsky noted his attack could be used to "pirate satellite TV signals or make Xbox peripherals, such as handheld controllers, without paying Microsoft a licensing fee."
Joe Grand, president of Grand Studio Inc. as well as a hacker, summed it up best when he said of Tarnovsky, "His work is the next generation of hardware hacking."