The Trusted Platform Module (TPM), a secure chip that stores cryptographic keys and, when activated, adds an extra layer of protection through encryption, had until now been considered impregnable.
Chris Tarnovsky, a former U.S. Army computer-security specialist, has devised a way to break its protection, and presented this method at the Black Hat security conference.
Interestingly enough, it is a hardware hack. It took him six months to succeed, but using a set of easily accessible chemicals to dissolve the chip's outer shell and a rust remover to rub out the layers of mesh wiring, he managed to expose the chip's internal communication channels, which he then tapped into with a small needle.
According to CTV News, this enabled him to "eavesdrop" on the instructions passing between the chip and the machine's memory. Since he was "inside" the chip, these instructions were not encrypted and were therefore easy to interpret.
The time it took Tarnovsky to carry out this hack, together with the fact that the attacker must have physical access to the computer, makes it "exceedingly difficult to replicate in a real-world environment," according to the Trusted Computing Group, the developers of the TPM specification.
Tarnovsky said that even after going through all the aforementioned steps, it was still difficult to avoid the traps programmed into the chip's software. It is also worth mentioning that there are other ways, besides using the TPM chip, to encrypt data, and that his attack does not target them.
The chip that Tarnovsky hacked was one of Infineon's models. He says that this method will be successful on the entire family of Infineon chips based on the same design, and on non-TPM chips used in a variety of equipment such as smartphones or Microsoft's Xbox 360 console, but that he couldn't be sure it would work on TPM chips manufactured by other companies.
TPM chips are found in millions upon millions of computers around the world, but they are not always activated. When first using a computer, users are usually asked whether they want to turn it on, and on computers used by government or military agencies, it usually is activated.
Infineon says it was aware that this kind of attack was possible, but that, given the extremely high skill level required to make it work, it considers the danger to be extremely small.