It’s a security vulnerability none the less. If there is an external TPM, then you could use a Pico to make a device that intercepts the unencrypted key. Microsoft has downplayed this vulnerability because it requires physical access to the hardware (true) and it requires significant time (false as demonstrated).
“Cracking” is a nebulous term, but generally includes any methods or tools used to steal encryption keys, which this does in under a minute IF you have physical access to the hardware AND it connects to an external TPM.
If you have physical access to the hardware, have spent weeks researching it and produced a custom solution specific to that board and revision, etc. Sure, the last step of the process is quick - but let’s not forget the time spent developing this solution.
This is kind of a moot point now because most TPM nowadays are not external modules and nobody focused on security is keeping this kind of hardware around.
Fair point, let’s acknowledge the preparation and research that goes into something like this. While the Pico may have performed the decryption in less than a minute, there were days and weeks of labour leading up to that.
A stage magician will pull a rabbit out of a hat in less than a minute, but the audience must never see the effort of the performance. Too often, for the sake of brevity and a catchy headline, journalists tend to make every slightly technological performance sound like a magic trick.
If you have physical access to the hardware, have spent weeks researching it and produced a custom solution specific to that board and revision, etc. Sure, the last step of the process is quick - but let’s not forget the time spent developing this solution.
That’s not what anyone means when they say quick. They’re talking from the moment the attempt is initiated until the time data is extracted. In this case countdown starts the moment you get access to the hardware.
And the moment he got access to the hardware was weeks ago when he opened it up and started probing around for the right points to access; prior to him making a custom PCB for it; which would (in most secure instances) require tripping a case-open switch present in most devices where security is a priority.
You can’t just hand-wave away all the prep work he was doing here…it’s great for the sensationalist news headline for sure, but not entirely accurate.
Seriously, watch the video all the way through - he spends quite some time pulling the motherboard, probing around in order to figure out where signals go, and developing a custom solution for that VERY specific computer, that VERY specific motherboard revision. He can’t just go use that tool on any PC he runs across.
Please watch the whole video and not just the first 30 seconds of it.
That’s great and all, but he owned that hardware. You’re not developing hardware exploits on a target’s hardware, you do it on a copy of the target’s hardware.
That’s like claiming the NSA spent months breaking into your phone. In reality, they spent months developing exploits on the iPhones they bought and minutes breaking into your phone once they have it.
And that says nothing about the fact that this hardware is old. The problem has already been fixed in modern hardware, where the TPM is internal to the CPU and doesn’t have external access points like this. So…the problem has already been fixed as well. That’s why I’m calling it such a silly, overhyped article. It’s great clickbait, but it has very little basis in the real world as of today.
Fixed title:
Still incorrect - it didn’t crack shit. It merely intercepted the unencrypted communication. :[
It’s a security vulnerability none the less. If there is an external TPM, then you could use a Pico to make a device that intercepts the unencrypted key. Microsoft has downplayed this vulnerability because it requires physical access to the hardware (true) and it requires significant time (false as demonstrated).
“Cracking” is a nebulous term, but generally includes any methods or tools used to steal encryption keys, which this does in under a minute IF you have physical access to the hardware AND it connects to an external TPM.
If you have physical access to the hardware, have spent weeks researching it and produced a custom solution specific to that board and revision, etc. Sure, the last step of the process is quick - but let’s not forget the time spent developing this solution.
This is kind of a moot point now because most TPM nowadays are not external modules and nobody focused on security is keeping this kind of hardware around.
Fair point, let’s acknowledge the preparation and research that goes into something like this. While the Pico may have performed the decryption in less than a minute, there were days and weeks of labour leading up to that.
A stage magician will pull a rabbit out of a hat in less than a minute, but the audience must never see the effort of the performance. Too often, for the sake of brevity and a catchy headline, journalists tend to make every slightly technological performance sound like a magic trick.
That’s not what anyone means when they say quick. They’re talking from the moment the attempt is initiated until the time data is extracted. In this case countdown starts the moment you get access to the hardware.
And the moment he got access to the hardware was weeks ago when he opened it up and started probing around for the right points to access; prior to him making a custom PCB for it; which would (in most secure instances) require tripping a case-open switch present in most devices where security is a priority.
You can’t just hand-wave away all the prep work he was doing here…it’s great for the sensationalist news headline for sure, but not entirely accurate.
Seriously, watch the video all the way through - he spends quite some time pulling the motherboard, probing around in order to figure out where signals go, and developing a custom solution for that VERY specific computer, that VERY specific motherboard revision. He can’t just go use that tool on any PC he runs across.
Please watch the whole video and not just the first 30 seconds of it.
That’s great and all, but he owned that hardware. You’re not developing hardware exploits on a target’s hardware, you do it on a copy of the target’s hardware.
That’s like claiming the NSA spent months breaking into your phone. In reality, they spent months developing exploits on the iPhones they bought and minutes breaking into your phone once they have it.
And that says nothing about the fact that this hardware is old. The problem has already been fixed in modern hardware, where the TPM is internal to the CPU and doesn’t have external access points like this. So…the problem has already been fixed as well. That’s why I’m calling it such a silly, overhyped article. It’s great clickbait, but it has very little basis in the real world as of today.
Whoops, looks like you relocated the goalposts somewhere else. Might want to move them back to where they were.
Thank you for that, wish this would stop popping up everywhere.