TPM-FAIL: TPM meets Timing and Lattice Attacks

Comments

mjos\dwez: This is pretty cool and important stuff on full working timing attacks on real-life TPMs; paper http://tpm.fail/tpmfail.pdf Intel TPM chips: CVE-2019-11090, ST's TPM chips: CVE-2019-16863. In this case a vulnerability website is entirely appropriate: http://tpm.fail/ https://t.co/851Bt3A6JA

4 replies, 207 likes


Ian Coldwater ⎈: Oh shit. This is a big deal. And it can be done over the wire!

8 replies, 160 likes


Jann Horn: timing attack against a TPM, and since that's not hard enough already, they do it over a network connection, too?

0 replies, 83 likes


Daniel Cuthbert: Having spent the last month knee-deep in TPMs, this is just something else. Super solid research here, wow

2 replies, 34 likes


Michal Stanek: Uh oh.. a new, practical, remote (!) timing attack on discrete and firmware TPMs. Extracts private keys in just a few hours. Infineon and Nuvoton chips apparently not affected.

0 replies, 4 likes


friendly neighborhood dog mom: Honestly, it's far beyond time to stop fucking trusting Intel for *literally anything*. Every tech company making similar products has vulnerabilities, but Intel's built up a *fuck* of a list at this point compared to everyone else.

0 replies, 4 likes


Content

Found on Nov 12 2019 at http://tpm.fail/tpmfail.pdf

PDF content of a computer science paper: TPM-FAIL: TPM meets Timing and Lattice Attacks