Cryptographic Flaw Within Infineon TPM Chips Announced

[jagdtigger]

Quote

Some of the biggest tech giants in the industry are warning customers of a very serious vulnerability affecting TPM chips produced by Infineon Technologies. The vulnerability itself is created by a flaw in the Trusted Platform Module (TPM), which is designed to protect cryptographic devices within integrated hardware.

Quote

Once an attacker gains access to the Public RSA key of a device with an affected Infineon TPM module, they will be able to compute the private key through factorization. Due to the amount of resources required to compute these keys, it is unlikely that the individual user has much to worry about. Current factorization estimates show 2 hours of CPU time for a 512 bit key, and the 2048 bit RSA key taking 140.8 years of CPU time.

Source:

https://www.hardocp.com/news/2017/10/16/cryptographic_flaw_within_infineon_tpm_chips_announced

 

Affected vendors ATM: Asus, Acer, Lenovo, HP, Toshiba, Samsung, LG, Chromebook.

 

This attack takes a lot of resource, but its just yet another example why these "black boxes" should not exist... Who knows how many weakness is still hidden in their firmware, and how many was found only by black-hats and/or acronym agencies.

[Ryujin2003]

No Dell?

 

Didn't see it in the source doc, but how old are this TPM chips?

[Guest]

2 hours ago, Ryujin2003 said:

No Dell?

 

Didn't see it in the source doc, but how old are this TPM chips?

Running "powershell.exe get-tpm" in powershell seems to show that my Dell Inspiron 5577 has an Intel TPM.

[Sir Asvald]

Damn.. we use TPM on our laptops at work (Dell Latitudes).

[Guest]

1 hour ago, Abdul201588 said:

Damn.. we use TPM on our laptops at work (Dell Latitudes).

How old are they and are you sure they are using TPMs from Infineon?

[Sir Asvald]

1 hour ago, tjcater said:

How old are they and are you sure they are using TPMs from Infineon?

Too be honest. I haven't checked. lol. I need to ask my manager at some point..

[S w a t s o n]

I've always wondered how they compute CPU time for these kinds of things. CPU's have an insane range of ipc and clock speeds as well as thread count.

[ScratchCat]

2 hours ago, Swatson said:

I've always wondered how they compute CPU time for these kinds of things. CPU's have an insane range of ipc and clock speeds as well as thread count.

Probably an average server with 12 cores or similar from the Haswell generation or later. I would doubt they would use anything with fewer than 6 cores due to the massive gains they would be able to achieve with more cores.

RSA-768 took 2 years with a CPU time of 2000 years on a single core 2.2 GHz opteron.

https://en.wikipedia.org/wiki/RSA_numbers#RSA-768

RSA-2048 let alone 3072 or 4096 would take much longer.

[8uhbbhu8]

Considering how available and cheap it is to rent high powered could and gpu based servers. Not to mention the botnets available for rent on the black market, i thinking that if someone was actually determined to crack one of these affected tpm chips it wouldn't take s long as many think. Remember these "CPU times" are usually based on only a few mqchines.

 

This is an actually huge security flaw and I hope there's a way to fix it. Unless it's hardcoded into the chip shouldn't there be a way to flash an update to it? (Not exactly sure how to chips work anymore)

[Ryujin2003]

4 hours ago, tjcater said:

How old are they and are you sure they are using TPMs from Infineon?

Well... As for age.... The post cites Samsung devices... When was the last time Samsung made a PC? Almost as long as Sony?

[dfsdfgfkjsefoiqzemnd]

Steve Gibson went in-depth on this in Tuesday's episode of Security Now.  Kinda surprised that it only popped up here today.

 

 

15:15 to 36:15

 

He also mentioned that they only found out because they generated a load of keys and studied the output.  This is once again proof that anything related to security really needs to be open-source.

 

38 minutes ago, ScratchCat said:

Probably an average server with 12 cores or similar from the Haswell generation or later. I would doubt they would use anything with fewer than 6 cores due to the massive gains they would be able to achieve with more cores.

modern single core, no hyperthreading either.  Also keep in mind that this is worst-case scenario.  It needs that amount of CPU time to run ALL possible combinations.  On average the key will be found in about half the time.  So 100 CPU years to crack a 2048bit key with a modern 8-core with hyperthreading = little over 6 years to run all possible combinations.  That means 100 CPU years will be on average 3 years for a modern high-end gaming PC's CPU.  So with some serious processing power it really won't take too long.  If you have access to a supercomputer or a botnet, 100 CPU years is probably a matter of hours. 

[Guest]

3 minutes ago, Ryujin2003 said:

Well... As for age.... The post cites Samsung devices... When was the last time Samsung made a PC? Almost as long as Sony?

This year?

https://www.samsung.com/us/support/owners/product/odyssey

https://www.theverge.com/2017/1/4/14165540/samsung-notebook-odyssey-gaming-announced-specs-ces-2017

[S w a t s o n]

1 hour ago, ScratchCat said:

Probably an average server with 12 cores or similar from the Haswell generation or later. I would doubt they would use anything with fewer than 6 cores due to the massive gains they would be able to achieve with more cores.

RSA-768 took 2 years with a CPU time of 2000 years on a single core 2.2 GHz opteron.

https://en.wikipedia.org/wiki/RSA_numbers#RSA-768

RSA-2048 let alone 3072 or 4096 would take much longer.

See that doesn't help. Why are they measuring CPU time in thousands of years with a single core opteron. CPU time of 2 years with the proper cpus used is much more helpful.