Major hoops
|
Author | Content |
---|---|
kingttx Feb 09, 2010 1:04 PM EDT |
I'm not crazy about the TPM chip (http://linuxlock.blogspot.com/2009/05/acer-tells-kids-charit...), but this guy had to do some MAJOR stuff to get into the chip. "Using off-the-shelf chemicals, Tarnovsky soaked chips in acid to dissolve their hard outer shells. Then he applied rust remover to help take off layers of mesh wiring, to expose the chips' cores. From there, he had to find the right communication channels to tap into using a very small needle." Granted, the so-called Ft. Knox chip was not as uncrackable as they'd thought. Hopefully, though, this will make folks realize there is no magic bullet for security, you MUST have quality layers of security and not rely on one or two. |
gus3 Feb 09, 2010 1:07 PM EDT |
As computing power progresses, every security layer becomes less effective. Today's TPM chip is tomorrow's doorstop. |
SamShazaam Feb 09, 2010 2:21 PM EDT |
"Major stuff" is in the eye of the beholder. What is too much for a garage hacker is only an inconvenience to an organized criminal organization. To a foreign country's intelligence service this just the cost of doing business. |
azerthoth Feb 09, 2010 5:01 PM EDT |
Major in any sense you care to take it. This requires not just access to the system, but long term uninterrupted to the system. As in the only feasible way to pull this off is to disappear the system in question, as some of the steps involved are sure to draw anyone with a functioning sense of smell. This is not a process that you can do when someone turns their backs for a few minutes. |
Bob_Robertson Feb 09, 2010 10:49 PM EDT |
> This is not a process that you can do when someone turns their backs for a few minutes. Maybe not _this_ process, but who is to say that one of the innumerable Windows viruses hasn't been tailored to the uses of (insert black organization here) to collect passwords, crack encryption, etc? As has been said, many times and in many ways, once someone has access to the hardware all bets are off. |
azerthoth Feb 09, 2010 10:53 PM EDT |
In other processes, yes Bob. But this process? most definitely not trivial. |
gus3 Feb 10, 2010 3:26 PM EDT |
Once the keys and algorithm are extracted, manufacturing pre-cracked TPM's is possible. And how does one go about revoking the cracked key(s) to a TPM? What about granting new keys? Again, the failure of security through obscurity. |
Posting in this forum is limited to members of the group: [ForumMods, SITEADMINS, MEMBERS.]
Becoming a member of LXer is easy and free. Join Us!