TPM-FAIL Security Flaws Impact Modern Devices With Intel CPUs
upstart writes:
Submitted via IRC for soylent_fuschia
Researchers discovered two new vulnerabilities, collectively known as TPM-FAIL, in Intel's firmware-based TPM (fTPM) and in STMicroelectronics' TPM chips that could be used by attackers to steal their targets' cryptographic keys.
TPM (short for Trusted Platform Module) is a chip that serves as a root of trust for a device's OS. It can store highly sensitive data such as cryptographic keys, protecting them from malicious tools such as implanted rootkits or malware dropped by a threat actor.
TPMs can also be firmware-based solutions (fTPM) that run on a separate 32-bit microcontroller inside the CPU, as is the case with Intel processors starting with the Haswell generation (2013).
The two vulnerabilities allow attackers to circumvent this security shield and extract keys stored within the TPM. Once they have their hands on your signing keys, the attackers can forge digital signatures that can be used to tamper with the operating system or to bypass authentication on the compromised machine.
Read more of this story at SoylentNews.