• themeatbridge@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    9 months ago

    It’s a security vulnerability none the less. If there is an external TPM, then you could use a Pico to make a device that intercepts the unencrypted key. Microsoft has downplayed this vulnerability because it requires physical access to the hardware (true) and it requires significant time (false as demonstrated).

    “Cracking” is a nebulous term, but generally includes any methods or tools used to steal encryption keys, which this does in under a minute IF you have physical access to the hardware AND it connects to an external TPM.

    • thantik@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      9 months ago

      If you have physical access to the hardware, have spent weeks researching it and produced a custom solution specific to that board and revision, etc. Sure, the last step of the process is quick - but let’s not forget the time spent developing this solution.

      This is kind of a moot point now because most TPM nowadays are not external modules and nobody focused on security is keeping this kind of hardware around.

      • Handles@leminal.space
        link
        fedilink
        English
        arrow-up
        1
        ·
        9 months ago

        Fair point, let’s acknowledge the preparation and research that goes into something like this. While the Pico may have performed the decryption in less than a minute, there were days and weeks of labour leading up to that.

        A stage magician will pull a rabbit out of a hat in less than a minute, but the audience must never see the effort of the performance. Too often, for the sake of brevity and a catchy headline, journalists tend to make every slightly technological performance sound like a magic trick.

      • DoomBot5@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        2
        ·
        9 months ago

        If you have physical access to the hardware, have spent weeks researching it and produced a custom solution specific to that board and revision, etc. Sure, the last step of the process is quick - but let’s not forget the time spent developing this solution.

        That’s not what anyone means when they say quick. They’re talking from the moment the attempt is initiated until the time data is extracted. In this case countdown starts the moment you get access to the hardware.

        • thantik@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          edit-2
          9 months ago

          And the moment he got access to the hardware was weeks ago when he opened it up and started probing around for the right points to access; prior to him making a custom PCB for it; which would (in most secure instances) require tripping a case-open switch present in most devices where security is a priority.

          You can’t just hand-wave away all the prep work he was doing here…it’s great for the sensationalist news headline for sure, but not entirely accurate.

          Seriously, watch the video all the way through - he spends quite some time pulling the motherboard, probing around in order to figure out where signals go, and developing a custom solution for that VERY specific computer, that VERY specific motherboard revision. He can’t just go use that tool on any PC he runs across.

          Please watch the whole video and not just the first 30 seconds of it.

          • DoomBot5@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            3
            ·
            9 months ago

            That’s great and all, but he owned that hardware. You’re not developing hardware exploits on a target’s hardware, you do it on a copy of the target’s hardware.

            That’s like claiming the NSA spent months breaking into your phone. In reality, they spent months developing exploits on the iPhones they bought and minutes breaking into your phone once they have it.

            • thantik@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              9 months ago

              And that says nothing about the fact that this hardware is old. The problem has already been fixed in modern hardware, where the TPM is internal to the CPU and doesn’t have external access points like this. So…the problem has already been fixed as well. That’s why I’m calling it such a silly, overhyped article. It’s great clickbait, but it has very little basis in the real world as of today.

              • DoomBot5@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                2
                ·
                9 months ago

                Whoops, looks like you relocated the goalposts somewhere else. Might want to move them back to where they were.

                • thantik@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  arrow-down
                  1
                  ·
                  edit-2
                  9 months ago

                  The goalpost was “This is a sensationalist headline that doesn’t tell the whole truth”…sorry you missed it, it’s pretty big. I tried to hit on every bit of bullshit, but you seem to have misconstrued that as the actual point, instead of just a portion of the argument.

                  • DoomBot5@lemmy.world
                    link
                    fedilink
                    English
                    arrow-up
                    1
                    arrow-down
                    1
                    ·
                    edit-2
                    9 months ago

                    You went on your triad of how you incorrectly attributed hacking time while nobody else thought that way, then shifted the goal posts once proven wrong.