Powered By InformationWeek Business Technology Network
 
Welcome Guest. | Log In| Register | Membership Benefits
  • Email this page E-mail this page
  • |  Print Print this page
  • |   Bookmark and Share

Researcher Cracks Security Of Widely Used Computer Chip

Electron microscopy could enable criminals to develop counterfeit chips, Tarnovsky says at Black Hat DC

Feb 02, 2010 | 08:55 PM

By Tim Wilson
DarkReading

WASHINGTON, D.C. -- Black Hat DC Conference 2010 -- The ultra-secure technology used to protect some of the world's most commonly used microchips might not be so secure, a researcher said here today.

Christopher Tarnovsky, a researcher at Flylogic Engineering who has made a business of hacking "unhackable" chip technology and other hardware, was at it again today with the revelation of vulnerabilities in the Infineon SLE 66 CL PE chip, which is widely used in computers, gaming systems, identity cards, and other electronics.

Tarnovsky offered a step-by-step explanation of his successful efforts to crack the chip's defenses using electron microscopy. During the course of about nine months, Tarnovsky said he was able to bypass the chip's myriad defenses and tap into its stored information without detection or chip failure.

"I'm not saying it was easy, but this technology is not as secure as some vendors would like you to think," Tarnovsky said.

Using a painstaking process of analyzing the chip, Tarnovsky was able to identify the core and create a "bridge map" that enabled the bypass of its complex web of defenses, which is set up to disable the chip if tampering occurs. After creating the map, he used ultra-small needles to tap into the data bus -- without disturbing the protective mesh -- and essentially "read" all of the chip's stored data, including encryption keys and unique manufacturing information.

Using this data, criminals could potentially re-create the chip in order to develop counterfeit systems or subvert widely used systems, Tarnovsky said. Such exploits could allow criminals to break through the defenses of pay TV services, medical ID systems, or even Microsoft's much-vaunted Xbox license chip, he said.

Tarnovsky said he has informed Infineon of the flaws he has discovered, but so far the company has not responded. "Their initial reaction was to tell me that what I'd done was impossible," he said. "Then when I sent them some video and the code that I just showed [to the Black Hat audience], they went quiet. I have not heard back from anybody."

In addition to Infineon, Tarnovsky said he informed officials at the Trusted Platform Module (TPM) standards organization, which sets security guidelines for the widely used PC chip standard. But he has not heard back from them, either.

Tarnovsksy said he believes similar exploits would be possible with other chips as well as Infineon's, though he has not attempted them yet. The exploits would not be easy to reproduce -- Tarnovsky said he went through many chips and many needles, and electron microscope time costs $350 per hour. "But the reason it took so long was not so much what the vendors have done, but me learning how to do it," he said. "Once you know what to do, it's not incredibly hard."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.


Subscribe to RSS



Vulnerability Management Reports

report 3 Strategies to Protect Endpoints from Risky Applications
Most organizations have invested considerable time and effort in improving their endpoint risk management processes, but many are ill-equipped to handle myriad third-party applications that increasingly introduce the most risk into today’s IT environment. As IT has reduced the risk profile of PC and server operating systems, cyber-criminals have started to look for greener pastures. Learn three strategies to effectively take control of organizational endpoints and mitigate the rising risk from third-party applications.

report Applications Security: Eliminating Vulnerabilities in Enterprise Software
Most of the hacks that compromise enterprise security today are those that exploit flaws in applications. How can organizations find and fix these vulnerabilities—before they lead to a breach? Better yet, how can software developers identify flaws in their applications before the new software is ever deployed? In this special retrospective of recent news coverage, Dark Reading offers a look at some tips and tricks for software development and vulnerability assessment, as well as some advice on how to eliminate security flaws in the enterprise.

report In a Fix? Try a Vulnerability Remediation Life Cycle
There are plenty of ways to detect vulnerabilities. But assigning priorities and determining the best way to fix them is another matter. Which vulnerabilities need to be dealt with immediately, and which can wait? What should you do when a simple patch won’t suffice? How do you ensure that the problems won’t recur? In this Dark Reading Tech Center report, we explain how to implement a vulnerability remediation process that improves security for the long haul.

Other reports from the Vulnerability Management Tech Center:

Related Content

Four Steps to Cure Your Patch Management Headache
The need to speed up patch deployment across today’s highly complex and distributed IT environment has never been more important. The heat is on to proactively safeguard your systems and endpoints from the newest exploits as the time it takes hackers to exploit a known vulnerability shrinks.

Laying the IT Security Foundation: Key Steps to Preventing Cyber Attacks
Government systems are getting hit on a daily basis by new and ingenious external attacks. Federal, state and municipal agencies must find a way to adjust to this evolving threat landscape to prevent these threats from wreaking havoc. Government organizations must get back to the basics of security and lay a strong security foundation to weather these attacks by proactively addressing their root causes.

Why Free Patch Management Tools Could Cost You More
Although point patching products may look more attractive on the surface, closer inspection often reveals hidden costs and missing capabilities. The result: fragmented patch management and weaker security posture while also being a more costly and cumbersome option to maintain.

Integrate Desktop Power Savings with Patch Management
Organizations can save significant money by managing the power consumption of their IT systems, but if they aren't careful, they could save their way right into a security and operational nightmare. Conscientiously consider your tools, strategies and policies around power management if you’re seeking to go green without compromising operational efficiency or security.