• rtxn@lemmy.world
    link
    fedilink
    arrow-up
    80
    ·
    4 months ago

    The dedicated TPM chip is already being used for side-channel attacks. A new processor running arbitrary code would be a black hat’s wet dream.

    • MajorHavoc@programming.dev
      link
      fedilink
      arrow-up
      51
      ·
      4 months ago

      It will be.

      IoT devices are already getting owned at staggering rates. Adding a learning model that currently cannot be secured is absolutely going to happen, and going to cause a whole new large batch of breaches.

      • rtxn@lemmy.world
        link
        fedilink
        arrow-up
        19
        ·
        4 months ago

        TPM-FAIL from 2019. It affects Intel fTPM and some dedicated TPM chips: link

        The latest (at the moment) UEFI vulnerability, UEFIcanhazbufferoverflow is also related to, but not directly caused by, TPM on Intel systems: link

        • barsquid@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          4 months ago

          That’s insane. How can they be doing security hardware and leave a timing attack in there?

          Thank you for those links, really interesting stuff.

        • Blue_Morpho@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          4 months ago

          A processor that isn’t Turing complete isn’t a security problem like the TPM you referenced. A TPM includes a CPU. If a processor is Turing complete it’s called a CPU.

          Is it Turing complete? I don’t know. I haven’t seen block diagrams that show the computational units have their own cpu.

          CPUs also have co processer to speed up floating point operations. That doesn’t necessarily make it a security problem.