
Communications of the ACM

ACM TechNews

WPI Researchers Discover Vulnerabilities Affecting Billions of Computer Chips



Researchers at Worcester Polytechnic Institute, the University of California, San Diego, and Germany's University of Lübeck found two flaws impacting Intel and STMicroelectronics central processing units (CPUs) that hackers could exploit to steal or doctor data on billions of devices.

The TPM-Fail technique would enable bad actors to use timing side-channel attacks, exposing cryptographic keys to compromise a computer's operating system, forge digital signatures, and steal or alter encrypted information.

The flaws are in trusted platform modules (TPMs), tamper-proof chips that computer makers have been incorporating into virtually all laptops, smartphones, and tablets for the past decade.

One flaw is in a cryptographic library within Intel's TPM firmware and allows the signature key to be recovered in less than two minutes; the other flaw is within STMicroelectronics' TPM, which essentially leaks the signature key.

The researchers disclosed the vulnerabilities to both companies, which worked with them to create fixes for the next generation of these chips.

From Worcester Polytechnic Institute

Abstracts Copyright © 2019 SmithBucklin, Washington, DC, USA


 
