mjos\dwez: This is pretty cool and important stuff on full working timing attacks on real-life TPMs; paper http://tpm.fail/tpmfail.pdf Intel TPM chips: CVE-2019-11090, ST's TPM chips: CVE-2019-16863. In this case a vulnerability website is entirely appropriate: http://tpm.fail/ https://t.co/851Bt3A6JA
4 replies, 207 likes
Ian Coldwater ⎈: Oh shit. This is a big deal. And it can be done over the wire!
8 replies, 160 likes
Jann Horn: timing attack against a TPM, and since that's not hard enough already, they do it over a network connection, too?
0 replies, 83 likes
Daniel Cuthbert: Having spent the last month knee-deep in TPMs, this is just something else. Super solid research here, wow
2 replies, 34 likes
Michal Stanek: Uh oh.. a new, practical, remote (!) timing attack on discrete and firmware TPMs. Extracts private keys in just a few hours. Infineon and Nuvoton chips apparently not affected.
0 replies, 4 likes
friendly neighborhood dog mom: Honestly, it's far beyond time to stop fucking trusting Intel for *literally anything*.
Every tech company making similar products has vulnerabilities, but Intel's built up a *fuck* of a list at this point compared to everyone else.
0 replies, 4 likes
Found on Nov 12 2019 at http://tpm.fail/tpmfail.pdf