Researchers at Worcester Polytechnic Institute, the University of California, San Diego, and Germany's University of Lübeck found two flaws impacting Intel and STMicroelectronics central processing units (CPUs) which hackers could exploit to steal or doctor data on billions of devices.
The TPM-Fail technique would let bad actors mount timing side-channel attacks that expose cryptographic keys, allowing them to compromise a computer's operating system, forge digital signatures, and steal or alter encrypted information.
The flaws are in trusted platform modules (TPMs), tamper-proof chips that computer makers have been incorporating into virtually all laptops, smartphones, and tablets for the past decade.
One flaw lies in a cryptographic library within Intel's TPM firmware and allows the signature key to be recovered in less than two minutes; the other is within STMicroelectronics' TPM, which essentially leaks the signature key.
The researchers disclosed the vulnerabilities to both companies, which worked with them to create fixes for the next generation of these chips.
From Worcester Polytechnic Institute
Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA