Breaking News, World News and Taiwan News.

Updated Wednesday, February 10, 2010 11:37 am TWN, By Jordan Robertson, AP



	In this photo provided by Christopher Tarnovsky on Jan. 31, a new unopened Infineon TPM part, right, alongside a part opened by Tarnovsky are shown. A pin on the open chip was broken during handling. (AP) Enlarge Photo

Sponsors
▪	Get the best deals for Guangzhou Hotels or choose from more than 10,000 hotels in 499 Chinese cities.
▪	Find great real time deals on China Flights. Book flights to China or China domestic flights 24/7.
▪	Buy china wholesale products from reliable chinese wholesalers on DHgate.com!
▪	Save 75% for all hotels in Shanghai, Beijing and whole China. Lowest rates for Flights in China.

Security chip that does encryption in PCs hacked

That means his attack could be used to pirate satellite TV signals or make Xbox peripherals, such as handheld controllers, without paying Microsoft a licensing fee, Tarnovsky said. Microsoft confirmed its Xbox 360 uses Infineon chips, but would only say that “unauthorized accessories that circumvent security protocols are not certified to meet our safety and compliance standards.”

The technique can also be used to tap text messages and e-mail belonging to the user of a lost or stolen phone. Tarnovsky said he can't be sure, however, whether his attack would work on TPM chips made by companies other than Infineon.

Infineon said it knew this type of attack was possible when it was testing its chips. But the company said independent tests determined that the hack would require such a high skill level that there was a limited chance of it affecting many users.

“The risk is manageable, and you are just attacking one computer,” said Joerg Borchert, vice president of Infineon's chip card and security division. “Yes, this can be very valuable. It depends on the information that is stored. But that's not our task to manage. This gives a certain strength, and it's better than an unprotected computer without encryption.”

The Trusted Computing Group, which sets standards on TPM chips, called the attack “exceedingly difficult to replicate in a real-world environment.” It added that the group has “never claimed that a physical attack -- given enough time, specialized equipment, know-how and money -- was impossible. No form of security can ever be held to that standard.”

It stood by TPM chips as the most cost-effective way to secure a PC.

It's possible for computer users to scramble data in other ways, beyond what the TPM chip does. Tarnovsky's attack would do nothing to unlock those methods. But many computer owners don't bother, figuring the TPM security already protects them.

Tarnovsky needed six months to figure out his attack, which requires skill in modifying the tiny parts of the chip without destroying it.

Using off-the-shelf chemicals, Tarnovsky soaked chips in acid to dissolve their hard outer shells. Then he applied rust remover to help take off layers of mesh wiring, to expose the chips' cores. From there, he had to find the right communication channels to tap into using a very small needle.

The needle allowed him to set up a wiretap and eavesdrop on all the programming instructions as they are sent back and forth between the chip and the computer's memory. Those instructions hold the secrets to the computer's encryption, and he didn't find them encrypted because he was physically inside the chip.

Even once he had done all that, he said he still had to crack the “huge problem” of figuring out how to avoid traps programmed into the chip's software as an extra layer of defense.

1|2