News AMD's TPM Hacked: faulTPM Attack Defeats BitLocker and TPM-Based Security

[palladin9479]

Close: MEK remains resident on the drive, it's the KEK that goes to the TPM, and the pin/biometric/etc access control mediated by the TPM is to the KEK. It's how you can (with some many hoops jumped) move an encrypted drive between a TPM-enabled and a non-TPM-enabled box without decrypting in-between.

The TPM documentation was real sketchy when I was researching it. One of the reasons I do not trust TPM, way too much deliberate obscurity in an attempt to sell a product to corporate IT offices.

 

[RandomWan]

"The attack does require physical access to the machine for 'several hours.'"

Seriously?? If somebody has access to your PC that long, that "hack" is the least of your problems.

This pathetic story is typical of the anti-AMD BS articles that get posted here lately. Wouldn't surprise me in the least if it turns out that Intel funded the whole pathetic "hack"!

Except for this is pretty much one of the selling points of TPM combined with BitLocker. Your data is protected even if you lose the device.

Any security can be unmade, so eventually any of them are going to fail, but people should be aware so they can make informed choices in what they rely on.

 

[zx128k]

Ultimately this allows an attacker to fully compromise any application or encryption, like BitLocker, that relies solely upon TPM-based security.

The researchers contend that this attack vector isn't easy to mitigate due to the voltage fault injection, so the earliest intercept point for AMD to fix the issue would presumably be with its next-gen CPU microarchitectures.

This is a serious vulnerability that cannot be fixed, as you cannot issue a software patch because of the nature of the attack.

Use an Intel CPUs as a workaround.

 

[jasonf2]

If the data on your system is very valuable, there is a risk that people will break into your offices and walk off with your hardware. If the data is highly encrypted, this is much less of a threat. The key is to use both full disk hardware encryption and high bit depth encryption at the file level. If you wish to add software based file system encryption, that is also an option.

Remember, corporations are not worried about the loss of the hardware, they are worried about the loss of the data on the hardware.

Corporations with significantly sensitive data, especially PCI related information are not storing that information in a location that can be easily accessed. It also isn't being stored on hardware that you would just grab and walk away with. At the very least data centers are going to be under lock and key with someone monitoring the area. We aren't talking mission impossible level stuff to get into them, but the biggest threats in the datacenter are internal and physical access is very limited.

The biggest threat to TPM being cracked is that secure boot could potentially be tricked allowing for malicious programs to be ran on point of use systems, which are not physically secure. These systems don't typically store the sensitive data, but do temporally handle it before passing it on to the server farms for storage. They are also significantly less monitored and when something questionable is going on with the computer it can go on for an extended period of time before being discovered. It would still take someone with physical access, but on a branch level this is much more plausible. Of course everything sensitive should be encrypted, but if you can rootkit the OS on a workstation encryption is worthless.

 

[zx128k]

For gamers you still have to care because DRM could use the TPM and the only way to protect copy-protection that uses TPM is to disable the program on AMD CPU's. Hopefully its not that bad and we gamers can just carry on without issues.

 

[Bob/Paul]

"The attack does require physical access to the machine for 'several hours.'"

Seriously?? If somebody has access to your PC that long, that "hack" is the least of your problems.

This pathetic story is typical of the anti-AMD BS articles that get posted here lately. Wouldn't surprise me in the least if it turns out that Intel funded the whole pathetic "hack"!

Uh... So one purpose of BitLocker (Window's full disk encryption) is to protect your data in the event of a stolen device. If someone steals a company laptop, the $800-1200 machine is the least of your(IT staff) worries. Whether someone can access the encrypted data on the HDD is 95% of the concern.

And as the article pointed out, this sort of attack is also possible with hardware based TPMs. The fTPM had previously been considered more secure.

But the mitigation sounds pretty straight forward: use a BitLocker password in addition to the either type of TPM.

 

[Bob/Paul]

Corporations with significantly sensitive data, especially PCI related information are not storing that information in a location that can be easily accessed.

PCI data, sure. There should never be a customer's financial data on a laptop. But other, equally important data might be on the laptop, such as intellectual property (hardware designs, sensitive datasheets, software source code), etc.

 

[zx128k]

PCI data, sure. There should never be a customer's financial data on a laptop. But other, equally important data might be on the laptop, such as intellectual property (hardware designs, sensitive datasheets, software source code), etc.

Customer information has to be protected and could be on a laptop. UK has the data protection act.

Example of why it matters.

A civil monetary penalty of £150,000 was served on Greater Manchester Police under the Data Protection Act 1998 (‘the 1998 Act’) after a USB stick containing data on police operations was stolen from an officer’s home. The stick contained personal data of over 1,000 people with links to serious organised crime investigations going back over an 11 year period. It was unencrypted and had no password protection.

An investigation established that an officer had used the device to copy information from his personal folder on the force’s network in order to access the data from outside the office. It was subsequently discovered that a number of other officers were also using unencrypted memory sticks on a regular basis.

Greater Manchester Police failed to implement appropriate technical measures against the loss of personal data. Although there was an order requiring the use of encrypted memory sticks, it was not enforced and no steps were taken to restrict the downloading of files onto external devices.

 

[jasonf2]

PCI data, sure. There should never be a customer's financial data on a laptop. But other, equally important data might be on the laptop, such as intellectual property (hardware designs, sensitive datasheets, software source code), etc

Absolutely. But again these point of use systems are the vulnerable point, not the server farm.

 

[jasonf2]

Uh... So one purpose of BitLocker (Window's full disk encryption) is to protect your data in the event of a stolen device. If someone steals a company laptop, the $800-1200 machine is the least of your(IT staff) worries. Whether someone can access the encrypted data on the HDD is 95% of the concern.

And as the article pointed out, this sort of attack is also possible with hardware based TPMs. The fTPM had previously been considered more secure.

But the mitigation sounds pretty straight forward: use a BitLocker password in addition to the either type of TPM.

The bitlocker password is great in theory, but maintaining it in a corporate environment is a nightmare. Everything today seems to be leaning twards SSO and self password reset. I am not sure that many corporations even have the ITstaff to handle a remote AD key based reset on this level.

 

[Bob/Paul]

The bitlocker password is great in theory, but maintaining it in a corporate environment is a nightmare. Everything today seems to be leaning twards SSO and self password reset.

I've never had to manage it as part of IT. But I also don't think I've worked anywhere that used bitlocker without a password. Either we had it or we didn't. But maybe the places I thought had unencrypted laptops were actually using bitlocker without a password?

Where I'm at now recently our windows passwords changed from AD to "Duo Security" but we still have to type in the bitlocker password during bootup. My understanding was IT had either master password or a second password or something per machine, since I can change the bitlocker password and they can still fix it if I forget mine.

 

[jasonf2]

I've never had to manage it as part of IT. But I also don't think I've worked anywhere that used bitlocker without a password. Either we had it or we didn't. But maybe the places I thought had unencrypted laptops were actually using bitlocker without a password?

Where I'm at now recently our windows passwords changed from AD to "Duo Security" but we still have to type in the bitlocker password during bootup. My understanding was IT had either master password or a second password or something per machine, since I can change the bitlocker password and they can still fix it if I forget mine.

If bitlocker is on without the password you really can't even tell it is on. Besides a marginal amount of performance hit bitlocker is pretty much transparent without the password. So it was probably on and you just didn't notice.

 

[zx128k]

If bitlocker is on without the password you really can't even tell it is on. Besides a marginal amount of performance hit bitlocker is pretty much transparent without the password. So it was probably on and you just didn't notice.

Halves the transfer speeds for me.

 

[jasonf2]

Halves the transfer speeds for me.

Drive transfer performance takes a hard hit. But in the typical corporate environment running a secure web browser for most of the stuff they do you would be hard pressed to tell a difference. Heavy CAD or rendering stuff and there would probably be noticeable loss. Even still though corporate secrets require encryption. If you are gaming and want max FPS I wouldn't be running bitblocker anyways. It is software encryption after all.

 

[zx128k]

Drive transfer performance takes a hard hit. But in the typical corporate environment running a secure web browser for most of the stuff they do you would be hard pressed to tell a difference. Heavy CAD or rendering stuff and there would probably be noticeable loss. Even still though corporate secrets require encryption. If you are gaming and want max FPS I wouldn't be running bitblocker anyways. It is software encryption after all.

I found out the hard way, after enabling it on my gaming drive.