Infineon security microcontroller flaw enabled extraction of TPM secret keys

https://it4sec.substack.com/p/a-flaw-in-infineons-security-microcontrollers

39•walterbell•7mo ago

Comments

greyface-•7mo ago

Previous discussion: https://news.ycombinator.com/item?id=41434500

tomhow•7mo ago

Thanks!

EUCLEAK Side-Channel Attack on the YubiKey 5 Series - https://news.ycombinator.com/item?id=41434500 - Sept 2024 (278 comments)

Marking this one as dupe as it doesn't add any new info.

userbinator•7mo ago

Good. Enough freedom has already been destroyed in the name of hostile "security".

I suspect many far-East "MCU break" services companies already knew of such things, but obviously would not want to publicise it.

johncolanduoni•7mo ago

Name one person who couldn’t do something on a retail Intel computer they owned, because it had a TPM

mindslight•7mo ago

George Washington.

But seriously, that's an ignorant criterion. It's not a matter of arbitrary people being singled out, it's a society-wide noose being tightened ever so slowly.

Locked down boot chains were never fully asserted on amd64 because its market is for general purpose computers, and doing so would have obviously just caused people to choose alternative options. But remote attestation has no such escape hatch, and we can already see that dynamic starting to play out over in mobile land with "safety net".

userbinator•7mo ago

it's a society-wide noose being tightened ever so slowly

This. Fortunately there was a huge resistance against WEI, but we must remain vigilant to them attempting to sneak in something similar in the future.

userbinator•7mo ago

TPMs being widespread and accepted is a problem. It means that everyone has been put into a noose, but one that just hasn't yet been tightened. As evidence of what we're up against, Stallman saw it coming 25+ years ago, kept warning about it, and look what they did to him.

Relevant comment of mine 3.5 years ago: https://news.ycombinator.com/item?id=29859999

tgsovlerkhgsel•7mo ago

Computers aren't there but phones will regularly cause issues, e.g. if you root it you can't use the banking apps and if you don't root it you can't back up your data (on Android).

Satellites Have a Lot of Room

1980s Farm Crisis

Show HN: FSID - Identifier for files and directories (like ISBN for Books)

Show HN: Holy Grail: Open-Source Autonomous Development Agent

Show HN: Minecraft Creeper meets 90s Tamagotchi

Show HN: Termiteam – Control center for multiple AI agent terminals

The only U.S. particle collider shuts down

Ask HN: Why do purchased B2B email lists still have such poor deliverability?

Show HN: Remotion directory (videos and prompts)

Portable C Compiler

Show HN: Kokki – A "Dual-Core" System Prompt to Reduce LLM Hallucinations

Software Engineering Transformation 2026

Microsoft purges Win11 printer drivers, devices on borrowed time

Lunch with the FT: Tarek Mansour

Old Mexico and her lost provinces (1883)

'AI' is a dick move, redux

The source code was the moat. But not anymore

Does anyone else feel like their inbox has become their job?

An AI model that can read and diagnose a brain MRI in seconds

Dev with 5 of experience switched to Rails, what should I be careful about?

AlphaFace: High Fidelity and Real-Time Face Swapper Robust to Facial Pose

Scientists discover “levitating” time crystals that you can hold in your hand

Rammstein – Deutschland (C64 Cover, Real SID, 8-bit – 2019) [video]

Tell HN: Yet Another Round of Zendesk Spam

Postgres Message Queue (PGMQ)

Show HN: Django-rclone: Database and media backups for Django, powered by rclone

NY lawmakers proposed statewide data center moratorium

OpenClaw AI chatbots are running amok – these scientists are listening in

Show HN: AI agent forgets user preferences every session. This fixes it

Introduce the Vouch/Denouncement Contribution Model

Satellites Have a Lot of Room

1980s Farm Crisis

Show HN: FSID - Identifier for files and directories (like ISBN for Books)

Show HN: Holy Grail: Open-Source Autonomous Development Agent

Show HN: Minecraft Creeper meets 90s Tamagotchi

Show HN: Termiteam – Control center for multiple AI agent terminals

The only U.S. particle collider shuts down

Ask HN: Why do purchased B2B email lists still have such poor deliverability?

Show HN: Remotion directory (videos and prompts)

Portable C Compiler

Show HN: Kokki – A "Dual-Core" System Prompt to Reduce LLM Hallucinations

Software Engineering Transformation 2026

Microsoft purges Win11 printer drivers, devices on borrowed time

Lunch with the FT: Tarek Mansour

Old Mexico and her lost provinces (1883)

'AI' is a dick move, redux

The source code was the moat. But not anymore

Does anyone else feel like their inbox has become their job?

An AI model that can read and diagnose a brain MRI in seconds

Dev with 5 of experience switched to Rails, what should I be careful about?

AlphaFace: High Fidelity and Real-Time Face Swapper Robust to Facial Pose

Scientists discover “levitating” time crystals that you can hold in your hand

Rammstein – Deutschland (C64 Cover, Real SID, 8-bit – 2019) [video]

Tell HN: Yet Another Round of Zendesk Spam

Postgres Message Queue (PGMQ)

Show HN: Django-rclone: Database and media backups for Django, powered by rclone

NY lawmakers proposed statewide data center moratorium

OpenClaw AI chatbots are running amok – these scientists are listening in

Show HN: AI agent forgets user preferences every session. This fixes it

Introduce the Vouch/Denouncement Contribution Model

Infineon security microcontroller flaw enabled extraction of TPM secret keys

Comments