Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Home Others Trusted Platform Modules: Can’t be trusted?

Trusted Platform Modules: Can’t be trusted?

Thursday, August 30, 2018


TPM chips, as recently researched by National Security Research Institute of South Korea are a subject to vulnerability by two fresh-in-the-market attacks.

High-end computers with TPM equipped within them are the basic targets of the attacks.


TPMs chiefly are microcontroller chips or cryptoprocessors and their basic function is to ensure the authenticity of hardware. RSA encryption keys are used to authenticate the components in the bootup process of the computer.

  •       The Attacks


                 DRTM Vulnerability
In one of the two attacks that the researchers found out, the TPM chips are affected by the use of a ‘Dynamic Root of Trust for Measurement’ (DRTM) system for the boot-up routine. The attack hasn’t spread to that extent. The main error lies in the open source library used by Intel TXT technology which goes by the name of ‘Trusted Boot’. The computers which use Intel’s Trusted eXecution Technology (TXT) for booting up are the most vulnerable to this attack. Although, the tboot maintainers had provided for a patch in the last year after they were contacted by the researchers.

 SRTM Vulnerability
The other attack affects the computers with TPM chips with SRTM (Static Root of Trust for Measurement) system for booting up. Sources say that this is actually nothing but a mere design flaw in the TPM 2.0 specification. The logic’s error was hidden until recent times. During the attack the attacker abuses power interrupts and the TPM state brings itself back to get valid hashes in the booting up and sends it to the SRTM which makes it think that it’s running on non-tampered components. Hardware vendors must provide a patch to resolve this issue.

According to sources the TPMs embedded in ASUS, Dell, Intel and Gigabyte. Dell and Intel are preparing the patch for their firmware and whether other vendors’ PC and Motherboards are affected too, is unclear.

People must be on the lookout for the latest updates in their firmware. The DRTM system vulnerability could be tracked under the CVE-2017-16827 identifier and the SRTM system error could be checked by CVE-2018-6622.




Share it: