• @rtxn
    link
    815 months ago

    The dedicated TPM chip is already being used for side-channel attacks. A new processor running arbitrary code would be a black hat’s wet dream.

    • @[email protected]
      link
      fedilink
      515 months ago

      It will be.

      IoT devices are already getting owned at staggering rates. Adding a learning model that currently cannot be secured is absolutely going to happen, and going to cause a whole new large batch of breaches.

    • @barsquid
      link
      55 months ago

      Do you have an article on that handy? I like reading about side channel and timing attacks.

      • @rtxn
        link
        195 months ago

        TPM-FAIL from 2019. It affects Intel fTPM and some dedicated TPM chips: link

        The latest (at the moment) UEFI vulnerability, UEFIcanhazbufferoverflow is also related to, but not directly caused by, TPM on Intel systems: link

        • @barsquid
          link
          35 months ago

          That’s insane. How can they be doing security hardware and leave a timing attack in there?

          Thank you for those links, really interesting stuff.

    • @Blue_Morpho
      link
      25 months ago

      It’s not a full CPU. It’s more limited than GPU.

      • @rtxn
        link
        185 months ago

        That’s why I wrote “processor” and not CPU.

        • @Blue_Morpho
          link
          1
          edit-2
          5 months ago

          A processor that isn’t Turing complete isn’t a security problem like the TPM you referenced. A TPM includes a CPU. If a processor is Turing complete it’s called a CPU.

          Is it Turing complete? I don’t know. I haven’t seen block diagrams that show the computational units have their own cpu.

          CPUs also have co processer to speed up floating point operations. That doesn’t necessarily make it a security problem.