UnNews:PC encryption chip hacked
|UnNews Audio (file info)|
|Listen to this story!|
9 February 2010
The technique, discovered by Christopher Tarnovsky, requires physical access to a computer and remarkable skill. But the data that the most dangerous criminals seek might be worth it.
The finding is relevant as state-sponsored computer spying is on the rise, notably the recent attack on Google that threatens to sever the link between millions of Americans and their favorite porn sites.
Tarnovsky stole a PC that contains a Trusted Platform Module, or TPM. These chips scramble data to prevent outsiders from viewing it. PC owners can hide data in other ways, but most don't, because the sales brochure tells them everything is taken care of.
Tarnovsky disassembled the PC, then used acid, rust remover, and dog feces to melt away the coatings of the TPM chip. He then hired a brain surgeon, who used a very small needle to search for the correct internal wire to which to attach a probe. Even then, he said he still had to crack the "huge problem" of avoiding traps by which the TPM detects a break-in. "This chip is mean, man," he said.
When he finished his work, which took six months, he had full access to all the music and animations of illegal sex acts stored on that single PC. Of course, the PC was disassembled and immobile, and any abrupt movement, such as reassembly or typing, would rip the TPM chip in half. However, Tarnovsky declared at the Black Hat conference in Arlington, Virginia that the nation's security was compromised. Criminals have easy access to all the required chemicals, he said, and most bag-men and human traffickers have the stable hands required to attach the micro-probes.
"You've trusted this chip to hold your secrets, but your secrets aren't safe," said Tarnovsky, 38, who runs a security consultancy in Vista, California. "Fortunately, for just $29.99 per month, we will secure your PC against attacks. And we will give you a free credit report once a month."
- Jordan Robertson "Security chip that does encryption in PCs hacked." Associated Press, February 8, 2010