Papers of the day

TPM-FAIL: TPM meets Timing and Lattice Attacks

mjos\dwez: This is pretty cool and important stuff on full working timing attacks on real-life TPMs; paper: Intel TPM chips: CVE-2019-11090, ST's TPM chips: CVE-2019-16863. In this case a vulnerability website is entirely appropriate.

4 replies, 207 likes

Ian Coldwater ⎈: Oh shit. This is a big deal. And it can be done over the wire!

8 replies, 160 likes

Jann Horn: timing attack against a TPM, and since that's not hard enough already, they do it over a network connection, too?

0 replies, 83 likes

Daniel Cuthbert: Having spent the last month knee-deep in TPMs, this is just something else. Super solid research here, wow

2 replies, 34 likes

Michal Stanek: Uh oh... a new, practical, remote (!) timing attack on discrete and firmware TPMs. Extracts private keys in just a few hours. Infineon and Nuvoton chips apparently not affected.

0 replies, 4 likes

friendly neighborhood dog mom: Honestly, it's far beyond time to stop fucking trusting Intel for *literally anything*. Every tech company making similar products has vulnerabilities, but Intel's built up a *fuck* of a list at this point compared to everyone else.

0 replies, 4 likes

Found on Nov 12 2019 at

PDF content of a computer science paper: TPM-FAIL: TPM meets Timing and Lattice Attacks