2015-11-19
from the time-to-start-again dept.
TPM-FAIL Security Flaws Impact Modern Devices With Intel CPUs
Researchers discovered two new vulnerabilities known as TPM-FAIL in Intel firmware-based TPM (fTPM) and STMicroelectronics' TPM chips that could be used by hackers to steal their targets' cryptographic keys.
TPM (short for Trusted Platform Module) is a chip used as a root of trust for a device's OS that can store highly sensitive data such as security keys, protecting them from malicious tools such as implanted rootkits or malware dropped by a threat actor.
TPMs can also be firmware-based solutions (fTPM) that run on separate 32-bit microcontrollers inside a CPU, as is the case for Intel processors starting with the Haswell generation (2013).
The two vulnerabilities allow attackers to circumvent this security shield and steal the data stored within a TPM. Once they have their hands on your signing keys, the attackers can forge digital signatures that can be used to tamper with the operating system or to bypass authentication on the compromised machine.
The TPM-FAIL side-channel attacks demonstrated by the researchers take advantage of a "leakage of the length of the nonce, which can easily be exploited using a lattice attack."
Timing leakage issues affect both Intel's firmware-based TPM (fTPM) and STMicroelectronics' TPM chip, with both platforms exhibiting flawed cryptographic signature generation with secret-dependent execution times.
Although this sensitive material should never leave the TPM, the attack recovers 256-bit private keys for ECDSA and ECSchnorr signatures (both elliptic-curve digital signature schemes), as the research team from the Worcester Polytechnic Institute, the University of Lübeck, and the University of California, San Diego further discovered.
[...] More information on these vulnerabilities is available in the TPM-FAIL: TPM meets Timing and Lattice Attacks technical paper.
The team behind TPM-FAIL will also present the research at the Real World Crypto 2020, New York (January 8-10, 2020) and the 29th USENIX Security Symposium, Boston (August 12-14, 2020).
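As an added illustration (not from the article or the paper), the toy model below shows the mechanism behind the nonce-length leak described above: a scalar-multiplication loop that starts at the nonce's top set bit runs fewer iterations for nonces with leading zero bits, while a fixed-iteration loop does not. The multiplicative group mod 2^255 - 19 stands in for the elliptic curve, and the function names and the choice of generator are assumptions of the example.

```python
"""Toy model of the nonce-length timing leak behind TPM-FAIL.
Group: integers mod the prime 2^255 - 19 under multiplication (stand-in for
the elliptic curve), so "doubling" is squaring and "addition" is multiplying."""
import secrets
from collections import Counter

N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551  # P-256 order
Q = 2**255 - 19   # stand-in group modulus (assumption of this example)
G = 2             # generator stand-in
BITS = N.bit_length()  # 256

def scalar_mul_leaky(k, g=G, q=Q):
    """Starts at the nonce's top set bit: k.bit_length() iterations, so the
    loop count (and runtime) reveals how many leading zero bits k has."""
    acc, doublings = 1, 0
    for i in range(k.bit_length() - 1, -1, -1):
        acc = acc * acc % q                # "point doubling"
        doublings += 1
        if (k >> i) & 1:
            acc = acc * g % q              # "point addition"
    return acc, doublings

def scalar_mul_fixed(k, g=G, q=Q):
    """Always scans BITS positions with a branch-free select, so a short nonce
    costs the same as a full-length one. Production code additionally pads k
    with a multiple of the group order so every iteration is real work."""
    acc, doublings = 1, 0
    for i in range(BITS - 1, -1, -1):
        acc = acc * acc % q
        doublings += 1
        bit = (k >> i) & 1
        acc = bit * (acc * g % q) + (1 - bit) * acc
    return acc, doublings

def doubling_histogram(func, samples=200):
    """Loop-length distribution over random nonces in [1, N): the leaky
    variant spreads over several values, the fixed one is a single bar."""
    counts = Counter()
    for _ in range(samples):
        k = secrets.randbelow(N - 1) + 1
        counts[func(k)[1]] += 1
    return counts

if __name__ == "__main__":
    print("leaky:", sorted(doubling_histogram(scalar_mul_leaky).items()))
    print("fixed:", sorted(doubling_histogram(scalar_mul_fixed).items()))
```

Run it a few times: the leaky histogram shifts with each batch of nonces, which is exactly the signal a timing measurement picks up, while the fixed variant never moves.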
Well, the most horrible of all the effects are TPM parser kernel memory corruptions in host kernels: Linux, U-Boot, Coreboot, Tianocore.
Kernel freaks, I say.
Yeriḥo. Karthāgō. Sogdiana. Besièrs. 広島市 (Hiroshima-shi). For Love of God, what next?