News AMD's TPM Hacked: faulTPM Attack Defeats BitLocker and TPM-Based Security

[Admin]

Researchers with the Technical University of Berlin reveal that AMD's firmware-based Trusted Platform Module (fTPM / TPM) can be fully compromised via a voltage fault injection attack, thus allowing full access to the cryptographic data held inside the fTPM.

AMD's TPM Hacked: faulTPM Attack Defeats BitLocker and TPM-Based Security : Read more

 

[lightofhonor]

I would be more concerned with someone having access to my disassembled PC for several hours than the risk of this attack.

 

[PEnns]

"The attack does require physical access to the machine for 'several hours.'"

Seriously?? If somebody has access to your PC that long, that "hack" is the least of your problems.

This pathetic story is typical of the anti-AMD BS articles that get posted here lately. Wouldn't surprise me in the least if it turns out that Intel funded the whole pathetic "hack"!

 

[drivinfast247]

Crap! Just yesterday some dweeb with glasses and a pocket protector came to my door and asked to see my PC for a bit! Why would I have thought anything bad would come of it!?

 

[JamesJones44]

"The attack does require physical access to the machine for 'several hours.'"

Seriously?? If somebody has access to your PC that long, that "hack" is the least of your problems.

This pathetic story is typical of the anti-AMD BS articles that get posted here lately. Wouldn't me surprise me in the least if it turns out that Intel funded the whole pathetic "hack"!

Please, if this were an Apple attack it would be front page of every news outlet on the planet. This isn't just an AMD smear article, you see these articles about about "hacks" for physical hardware all the time. I read one just the other day about compromising Samsung Exynos CPU security with a physical hack. Google's project zero puts out reports like these monthly.

 

[ralfthedog]

I would be more concerned with someone having access to my disassembled PC for several hours than the risk of this attack.

"The attack does require physical access to the machine for 'several hours.'"

Seriously?? If somebody has access to your PC that long, that "hack" is the least of your problems.

This pathetic story is typical of the anti-AMD BS articles that get posted here lately. Wouldn't me surprise me in the least if it turns out that Intel funded the whole pathetic "hack"!

If the data on your system is very valuable, there is a risk that people will break into your offices and walk off with your hardware. If the data is highly encrypted, this is much less of a threat. The key is to use both full disk hardware encryption and high bit depth encryption at the file level. If you wish to add software based file system encryption, that is also an option.

Remember, corporations are not worried about the loss of the hardware, they are worried about the loss of the data on the hardware.

 

[Dr3ams]

As an average user, I could care less about this article. Also...a company or government agency that works with highly sensitive data is going to have more than hardware and software security to protect their property.

 

[FlyingBuzz]

This type of attack might be harmful for game console business. Since access is suppose to be locked and keys are suppose to be hidden.

Other than that, I dont think we have to worry..

 

[Vanderlindemedia]

It's a hack that, cant really be a danger in the wild. You'll need a couple of hours physical access to a already stripped machine.

It would be dangerous if there was a hack that was able from user space to read it's TPM.

 

[hotaru.hino]

Any vulnerability, no matter what the requirements are, may lead to finding other vectors of attack that could be easier or more convenient now that they're aware of a weak spot. If you dismiss every "requires physical access" vulnerability as a non-problem, you'll be blindsided by someone who found a way to remove that requirement. Or lowered the bar enough to make it convenient to do.

As an aside, speedrunners thought a lot of strats were tool-assisted (TAS) only; i.e., humanly impossible. But they used what the TAS did as a starting point to find a vector into doing something like RNG manipulation or arbitrary code execution that could be done by sufficiently skilled humans.

 

[Charogne]

I heard there is a hack on windows that, if you give access to a evil russian hacker for several hours, with all your passwords, he can do lot of stuff on your pc.

 

[Deleted member 14196]

"The attack does require physical access to the machine for 'several hours.'"

Seriously?? If somebody has access to your PC that long, that "hack" is the least of your problems.

This pathetic story is typical of the anti-AMD BS articles that get posted here lately. Wouldn't me surprise me in the least if it turns out that Intel funded the whole pathetic "hack"!

Well, maybe it’s like THE IT CROWD where they pull off pranks on their boss

 

[Pat Flynn]

This is one of the reasons that I stopped reading Tom's a while ago.
While it's great to know that this is a thing (I'm a Systems Admin, I appreciate it somewhat), this is on older architectures, and this exact thing was likely the target of the 'Walled-Garden' security design on the Ryzen 5000G/U CPU's. Since it's an outgoing architecture, new equipment should resolve this.

Also, using smart cards as a multi-factor authentication with domain to also encrypt the hard drive may be another way to counter this hack. It's pretty extreme, but it might work.

So while I did actually think about this because you can use the walled-garden to store Azure AD security objects so that an authenticated user can access very privileged information, the reality is - only the big fortune 500's, 'Enterprise' companies, and Gov'ts will even consider using a schema this secured.
If a company has a regular policy of updating laptops that are outside of secured company premises, this issue is a non-starter.
Ryzen 5000G's shouldn't be an issue, and these are now... 1.5 years old? This is about the window it typically takes to crack hardware security these days, if not less.

 

[Makaveli]

I would be more concerned with someone having access to my disassembled PC for several hours than the risk of this attack.

This right here.

Physical access to the machine for hours will equal a comprised machine regardless of what security you are using.

If the data on your system is very valuable, there is a risk that people will break into your offices and walk off with your hardware. If the data is highly encrypted, this is much less of a threat. The key is to use both full disk hardware encryption and high bit depth encryption at the file level. If you wish to add software based file system encryption, that is also an option.

Remember, corporations are not worried about the loss of the hardware, they are worried about the loss of the data on the hardware.

So what you are saying home users which are probably the majority of this site don't need to worry about it.

 

[Alvar "Miles" Udell]

It will be interesting to see if this approach can be used on laptops, as they are more likely to be stolen, and government systems can lag behind several generations.

 

[hotaru.hino]

In addition to what @Alvar "Miles" Udell said, another thing of note is if the system is configured such that BitLocker requires some authentication to unlock the drive, then your options are:

• Finding yet another encryption key
• Brute forcing a PIN, which the system has a hammering deterrent in place

And even if you assume BitLocker is using AES-128, it's still not feasible to brute force a key. So even if you have the computer, accessing its contents may take more than a "few hours." Obviously you should treat the computer as compromised if you get it back, but the chances of someone grabbing the data from a BitLocker drive with a gatekeeper in place is still pretty small.

I haven't messed with a BitLocker encrypted system enough, but I'm pretty certain you can bypass the authentication by forcing it to go into recovery mode and providing it a key. Which if that key is used to unlock the drive, is likely stored in the TPM module too since BitLocker doesn't use a public-private key system.

 

[ex_bubblehead]

In addition to what @Alvar "Miles" Udell said, another thing of note is if the system is configured such that BitLocker requires some authentication to unlock the drive, then your options are:

• Finding yet another encryption key
• Brute forcing a PIN, which the system has a hammering deterrent in place

And even if you assume BitLocker is using AES-128, it's still not feasible to brute force a key. So even if you have the computer, accessing its contents may take more than a "few hours." Obviously you should treat the computer as compromised if you get it back, but the chances of someone grabbing the data from a BitLocker drive with a gatekeeper in place is still pretty small.

I haven't messed with a BitLocker encrypted system enough, but I'm pretty certain you can bypass the authentication by forcing it to go into recovery mode and providing it a key. Which if that key is used to unlock the drive, is likely stored in the TPM module too since BitLocker doesn't use a public-private key system.

There are advanced forensic methods that can capture a BitLocker key from RAM.

 

[hotaru.hino]

There are advanced forensic methods that can capture a BitLocker key from RAM.

And can this be done if the computer's been off for several hours without lowering its temperature?

 

[TJ Hooker]

this is on older architectures, and this exact thing was likely the target of the 'Walled-Garden' security design on the Ryzen 5000G/U CPU's. Since it's an outgoing architecture, new equipment should resolve this.

They verified the vulnerability exists with a 5600H, which was released at the same time or earlier than all the 5000G/U models. What makes you think it'd be fixed in those other Zen 3 chips?

If the vulnerability affects all chips based on Zen 3 (or earlier), then even some mobile chips from their latest lineup released just this year are affected (unless they reworked the fTPM for mobile 7000 series chips that are describes as "Zen 3"). Along with all non-7000 series desktop chips.

 

[setx]

Great research. Another nail in the coffin of pseudo-security.

I definitely wouldn't trust some black box (like AMD PSP / Intel ME) with anything important. TPM requirement of Win11 is likely preparation for some kind of DRM, not a worry about securing user's data.

 

[TJ Hooker]

It will be interesting to see if this approach can be used on laptops, as they are more likely to be stolen, and government systems can lag behind several generations

One of the devices the researchers used was a laptop, it was vulnerable.

 

[TJ Hooker]

In addition to what @Alvar "Miles" Udell said, another thing of note is if the system is configured such that BitLocker requires some authentication to unlock the drive, then your options are:

• Finding yet another encryption key
• Brute forcing a PIN, which the system has a hammering deterrent in place

And even if you assume BitLocker is using AES-128, it's still not feasible to brute force a key. So even if you have the computer, accessing its contents may take more than a "few hours." Obviously you should treat the computer as compromised if you get it back, but the chances of someone grabbing the data from a BitLocker drive with a gatekeeper in place is still pretty small.

I haven't messed with a BitLocker encrypted system enough, but I'm pretty certain you can bypass the authentication by forcing it to go into recovery mode and providing it a key. Which if that key is used to unlock the drive, is likely stored in the TPM module too since BitLocker doesn't use a public-private key system.

In the case of Bitlocker using TPM + Pin, the disk encryption key is encrypted using a key derived from the PIN and stored in the TPM. Using the vulnerability described, they can extract that encrypted key, meaning they can brute force it with no restrictions on speed. Using AES doesn't automatically mean you can't crack it, it still depends on key strength. A typical PIN of 4-8 digits could be cracked in seconds.

Refer to section 5.3.1 of the paper if you're interested in more details.

Edit: I believe this applies to fTPMs specifically. It looks attacks against discrete TPM chips (dTPMs) work differently, but are still feasible.

 

[USAFRet]

Great research. Another nail in the coffin of pseudo-security.

I definitely wouldn't trust some black box (like AMD PSP / Intel ME) with anything important. TPM requirement of Win11 is likely preparation for some kind of DRM, not a worry about securing user's data.

And your learned solution would be.....what?

 

[TJ Hooker]

Great research. Another nail in the coffin of pseudo-security.

I definitely wouldn't trust some black box (like AMD PSP / Intel ME) with anything important. TPM requirement of Win11 is likely preparation for some kind of DRM, not a worry about securing user's data.

All security measures will have some sort of limitation or vulnerability though, that doesn't necessarily make them worthless.

In this case, the TPM still makes things far harder for an attacker than if just a PIN/weak password was used. And unfortunately the majority of people do use weak passwords.

 

[Oldcompsci]

Insider threats are always going to be with us. The fact that this hack required direct physical access with specialized hardware shows how robust the current security is. Not losing any sleep over this particular issue.