Papers of the day   All papers

TPM-FAIL: TPM meets Timing and Lattice Attacks

Comments

Nov 12 2019 mjos\dwez

This is pretty cool and important stuff on full working timing attacks on real-life TPMs; paper http://tpm.fail/tpmfail.pdf Intel TPM chips: CVE-2019-11090, ST's TPM chips: CVE-2019-16863. In this case a vulnerability website is entirely appropriate: http://tpm.fail/ https://t.co/851Bt3A6JA
4 replies, 209 likes


Nov 13 2019 Ian Coldwater ⎈

Oh shit. This is a big deal. And it can be done over the wire!
8 replies, 160 likes


Nov 13 2019 Jann Horn

timing attack against a TPM, and since that's not hard enough already, they do it over a network connection, too?
0 replies, 83 likes


Nov 13 2019 Daniel Cuthbert

Having spent the last month knee-deep in TPMs, this is just something else. Super solid research here, wow
2 replies, 34 likes


Nov 13 2019 friendly neighborhood dog mom

Honestly, it's far beyond time to stop fucking trusting Intel for *literally anything*. Every tech company making similar products has vulnerabilities, but Intel's built up a *fuck* of a list at this point compared to everyone else.
0 replies, 4 likes


Nov 13 2019 Michal Stanek

Uh oh.. a new, practical, remote (!) timing attack on discrete and firmware TPMs. Extracts private keys in just a few hours. Infineon and Nuvoton chips apparently not affected.
0 replies, 4 likes


Content