

Trusted Computing Chip Hacked

Slashdot links to coverage of Christopher Tarnovsky’s recent presentation at Black Hat DC. This attack may be more feasible than initially thought, not requiring a scanning electron microscope. But it is only a little bit easier. As the NZ Herald News story explains, Tarnovsky had physical control of the chips in question and, in the process, stripped away material to expose circuit elements that he essentially wiretapped.

The type of chip attacked is of special interest because it was held up by the industry as unbreakable. The idea is that a trusted chip would form an impenetrable, hardware-based root of trust for applications that needed crypto that was ironclad from the bare metal on up. TPM systems came under close scrutiny when they were initially associated with burdensome DRM schemes. Despite that one narrow application, the chips are genuinely quite useful, and some hackers have explored what user-serving applications could be built with them.

As far as the security of the Infineon chips goes, the rule of thumb is that once an attack is demonstrated, it only gets easier over time. That usually assumes a software attack where automation and other optimization techniques can be brought to bear. There is evidence to suggest a similar though much, much weaker trend exists for hardware attacks. For the time being, the statements by the chip vendor about the unlikelihood of this attack and its limitation to one class of chips are likely to remain true for the foreseeable future.

Posted in Security.



2 Responses


  1. Andrew says

    I know you’ve already got someone who corrects your pronunciation on the podcast, so I guess I’ll be “that guy” for the text version. It’s “brought to bear”, not “brought to bare”. I’d go into detail, but I’ve got no idea of the etymology of the phrase.

    • Thomas Gideon says

      Missed that in my proofreading pass. I’ve corrected it, thanks for the catch.






Creative Commons License
The Command Line by Thomas Gideon
is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.