Infineon security microcontroller flaw enabled extraction of TPM secret keys

https://it4sec.substack.com/p/a-flaw-in-infineons-security-microcontrollers

39•walterbell•7mo ago

Comments

greyface-•7mo ago

Previous discussion: https://news.ycombinator.com/item?id=41434500

tomhow•7mo ago

Thanks!

EUCLEAK Side-Channel Attack on the YubiKey 5 Series - https://news.ycombinator.com/item?id=41434500 - Sept 2024 (278 comments)

Marking this one as dupe as it doesn't add any new info.

userbinator•7mo ago

Good. Enough freedom has already been destroyed in the name of hostile "security".

I suspect many far-East "MCU break" services companies already knew of such things, but obviously would not want to publicise it.

johncolanduoni•7mo ago

Name one person who couldn’t do something on a retail Intel computer they owned, because it had a TPM

mindslight•7mo ago

George Washington.

But seriously, that's an ignorant criterion. It's not a matter of arbitrary people being singled out, it's a society-wide noose being tightened ever so slowly.

Locked down boot chains were never fully asserted on amd64 because its market is for general purpose computers, and doing so would have obviously just caused people to choose alternative options. But remote attestation has no such escape hatch, and we can already see that dynamic starting to play out over in mobile land with "safety net".

userbinator•7mo ago

it's a society-wide noose being tightened ever so slowly

This. Fortunately there was a huge resistance against WEI, but we must remain vigilant to them attempting to sneak in something similar in the future.

userbinator•7mo ago

TPMs being widespread and accepted is a problem. It means that everyone has been put into a noose, but one that just hasn't yet been tightened. As evidence of what we're up against, Stallman saw it coming 25+ years ago, kept warning about it, and look what they did to him.

Relevant comment of mine 3.5 years ago: https://news.ycombinator.com/item?id=29859999

tgsovlerkhgsel•7mo ago

Computers aren't there but phones will regularly cause issues, e.g. if you root it you can't use the banking apps and if you don't root it you can't back up your data (on Android).

The Path to Mojo 1.0

Show HN: I'm 75, building an OSS Virtual Protest Protocol for digital activism

Show HN: I built Divvy to split restaurant bills from a photo

Hot Reloading in Rust? Subsecond and Dioxus to the Rescue

Skim – vibe review your PRs

Show HN: Open-source AI assistant for interview reasoning

Tech Edge: A Living Playbook for America's Technology Long Game

Golden Cross vs. Death Cross: Crypto Trading Guide

Hoot: Scheme on WebAssembly

What the longevity experts don't tell you

Monzo wrongly denied refunds to fraud and scam victims

They were drawn to Korea with dreams of K-pop stardom – but then let down

Show HN: AI-Powered Merchant Intelligence

Bash parallel tasks and error handling

Let's compile Quake like it's 1997

Reverse Engineering Medium.com's Editor: How Copy, Paste, and Images Work

Go 1.22, SQLite, and Next.js: The "Boring" Back End

Laibach the Whistleblowers [video]

Slop News - The Front Page right now but it's only Slop

Economists vs. Technologists on AI

Life at the Edge

RISC-V Vector Primer

Show HN: Invoxo – Invoicing with automatic EU VAT for cross-border services

A Tale of Two Standards, POSIX and Win32 (2005)

Ask HN: Is the Downfall of SaaS Started?

Flirt: The Native Backend

OpenAI's Latest Platform Targets Enterprise Customers

Goldman Sachs taps Anthropic's Claude to automate accounting, compliance roles

Ai.com bought by Crypto.com founder for $70M in biggest-ever website name deal

Big Tech's AI Push Is Costing More Than the Moon Landing

Infineon security microcontroller flaw enabled extraction of TPM secret keys

Comments

The Path to Mojo 1.0

Show HN: I'm 75, building an OSS Virtual Protest Protocol for digital activism

Show HN: I built Divvy to split restaurant bills from a photo

Hot Reloading in Rust? Subsecond and Dioxus to the Rescue

Skim – vibe review your PRs

Show HN: Open-source AI assistant for interview reasoning

Tech Edge: A Living Playbook for America's Technology Long Game

Golden Cross vs. Death Cross: Crypto Trading Guide

Hoot: Scheme on WebAssembly

What the longevity experts don't tell you

Monzo wrongly denied refunds to fraud and scam victims

They were drawn to Korea with dreams of K-pop stardom – but then let down

Show HN: AI-Powered Merchant Intelligence

Bash parallel tasks and error handling

Let's compile Quake like it's 1997

Reverse Engineering Medium.com's Editor: How Copy, Paste, and Images Work

Go 1.22, SQLite, and Next.js: The "Boring" Back End

Laibach the Whistleblowers [video]

Slop News - The Front Page right now but it's only Slop

Economists vs. Technologists on AI

Life at the Edge

RISC-V Vector Primer

Show HN: Invoxo – Invoicing with automatic EU VAT for cross-border services

A Tale of Two Standards, POSIX and Win32 (2005)

Ask HN: Is the Downfall of SaaS Started?

Flirt: The Native Backend

OpenAI's Latest Platform Targets Enterprise Customers

Goldman Sachs taps Anthropic's Claude to automate accounting, compliance roles

Ai.com bought by Crypto.com founder for $70M in biggest-ever website name deal

Big Tech's AI Push Is Costing More Than the Moon Landing