Revision as of 00:11, 5 September 2024 edit Novem Linguae (talk \| contribs) Edit filter managers, Election clerks, Interface administrators, Administrators 55,281 edits m Reverted edit by 102.218.50.43 (talk) to last version by Nsuta Tag: Rollback ← Previous edit		Revision as of 17:12, 19 September 2024 edit undo 103.231.84.48 (talk) →Attacks Tags: Mobile edit Mobile web edit Next edit →
Line 164: In 2010 [[Christopher Tarnovsky]] presented an attack against TPMs at [[Black Hat Briefings]], where he claimed to be able to extract secrets from a single TPM. He was able to do this after 6 months of work by inserting a probe and spying on an [[Bus (computing)\|internal bus]] for the Infineon SLE 66 CL PC.<ref>{{Cite web\|url=https://www.networkworld.com/news/2010/020210-black-hat-processor-security.html\|title=Black Hat: Researcher claims hack of processor used to secure Xbox 360, other products\|date=January 30, 2012\|access-date=August 10, 2017\|url-status=bot: unknown\|archive-url=https://web.archive.org/web/20120130095246/https://www.networkworld.com/news/2010/020210-black-hat-processor-security.html\|archive-date=January 30, 2012}}</ref><ref>{{Cite web\|url=https://hackaday.com/2010/02/09/tpm-crytography-cracked/\|title=TPM crytography cracked\|last=Szczys\|first=Mike\|date=February 9, 2010\|website=HACKADAY\|archive-url=https://web.archive.org/web/20100212050338/https://hackaday.com/2010/02/09/tpm-crytography-cracked/\|archive-date=February 12, 2010}}</ref> In case of physical access, computers with TPM 1.2 are vulnerable to [[cold boot attack]]s as long as the system is on or can be booted without a passphrase from shutdown, [[sleep (computing)\|sleep]] or [[Hibernation (computing)\|hibernation]], which is the default setup for Windows computers with BitLocker full disk encryption.<ref>{{cite podcast\|url=https://blog.f-secure.com/podcast-reinventing-cold-boot-attack/ \| title=Episode 14 Reinventing the Cold Boot Attack: Modern Laptop Version \| host=Melissa Michael \| publisher=F-Secure Blog \| date=8 October 2018 \| access-date=28 September 2019\|archive-url=https://web.archive.org/web/20190928091354/https://blog.f-secure.com/podcast-reinventing-cold-boot-attack/\|archive-date=28 September 2019\|url-status=live}}</ref> A fix was proposed, which has been adopted in the specifications for TPM 2.0. In 2009, the concept of shared authorisation data in TPM 1.2 was found to be flawed. An adversary given access to the data could spoof responses from the TPM.<ref name=sharedauth>{{cite conference

Trusted Platform Module: Difference between revisions