Christopher Tarnovsky, a researcher at Flylogic Engineering who has made a business of hacking "unhackable" chip technology and other hardware, was at it again today with the revelation of vulnerabilities in the Infineon SLE 66 CL PE chip, which is widely used in computers, gaming systems, identity cards, and other electronics.
Tarnovsky offered a step-by-step explanation of his successful efforts to crack the chip's defenses using electron microscopy. During the course of about nine months, Tarnovsky said he was able to bypass the chip's myriad defenses and tap into its stored information without detection or chip failure.
"I'm not saying it was easy, but this technology is not as secure as some vendors would like you to think," Tarnovsky said.
Using a painstaking process of analyzing the chip, Tarnovsky was able to identify the core and create a "bridge map" that enabled the bypass of its complex web of defenses, which is set up to disable the chip if tampering occurs. After creating the map, he used ultra-small needles to tap into the data bus -- without disturbing the protective mesh -- and essentially "read" all of the chip's stored data, including encryption keys and unique manufacturing information.
Using this data, criminals could potentially re-create the chip in order to develop counterfeit systems or subvert widely used systems, Tarnovsky said. Such exploits could allow criminals to break through the defenses of pay TV services, medical ID systems, or even Microsoft's much-vaunted Xbox license chip, he said.
Tarnovsky said he has informed Infineon of the flaws he has discovered, but so far the company has not responded. "Their initial reaction was to tell me that what I'd done was impossible," he said. "Then when I sent them some video and the code that I just showed [to the Black Hat audience], they went quiet. I have not heard back from anybody."
In addition to Infineon, Tarnovsky said he informed officials at the Trusted Platform Module (TPM) standards organization, which sets security guidelines for the widely used PC chip standard. But he has not heard back from them, either.
Tarnovsky said he believes similar exploits would be possible with other chips as well as Infineon's, though he has not attempted them yet. The exploits would not be easy to reproduce -- Tarnovsky said he went through many chips and many needles, and electron microscope time costs $350 per hour. "But the reason it took so long was not so much what the vendors have done, but me learning how to do it," he said. "Once you know what to do, it's not incredibly hard."