Infineon security microcontroller flaw enabled extraction of TPM secret keys

https://it4sec.substack.com/p/a-flaw-in-infineons-security-microcontrollers

39•walterbell•7mo ago

Comments

greyface-•7mo ago

Previous discussion: https://news.ycombinator.com/item?id=41434500

tomhow•7mo ago

Thanks!

EUCLEAK Side-Channel Attack on the YubiKey 5 Series - https://news.ycombinator.com/item?id=41434500 - Sept 2024 (278 comments)

Marking this one as dupe as it doesn't add any new info.

userbinator•7mo ago

Good. Enough freedom has already been destroyed in the name of hostile "security".

I suspect many far-East "MCU break" services companies already knew of such things, but obviously would not want to publicise it.

johncolanduoni•7mo ago

Name one person who couldn’t do something on a retail Intel computer they owned, because it had a TPM

mindslight•7mo ago

George Washington.

But seriously, that's an ignorant criterion. It's not a matter of arbitrary people being singled out, it's a society-wide noose being tightened ever so slowly.

Locked down boot chains were never fully asserted on amd64 because its market is for general purpose computers, and doing so would have obviously just caused people to choose alternative options. But remote attestation has no such escape hatch, and we can already see that dynamic starting to play out over in mobile land with "safety net".

userbinator•7mo ago

it's a society-wide noose being tightened ever so slowly

This. Fortunately there was a huge resistance against WEI, but we must remain vigilant to them attempting to sneak in something similar in the future.

userbinator•7mo ago

TPMs being widespread and accepted is a problem. It means that everyone has been put into a noose, but one that just hasn't yet been tightened. As evidence of what we're up against, Stallman saw it coming 25+ years ago, kept warning about it, and look what they did to him.

Relevant comment of mine 3.5 years ago: https://news.ycombinator.com/item?id=29859999

tgsovlerkhgsel•7mo ago

Computers aren't there but phones will regularly cause issues, e.g. if you root it you can't use the banking apps and if you don't root it you can't back up your data (on Android).

Show HN: I built a <400ms latency voice agent that runs on a 4gb vram GTX 1650"

Penisgate erupts at Olympics; scandal exposes risks of bulking your bulge

Arcan Explained: A browser for different webs

What did we learn from the AI Village in 2025?

An open replacement for the IBM 3174 Establishment Controller

The P in PGP isn't for pain: encrypting emails in the browser

Show HN: Mirror Parliament where users vote on top of politicians and draft laws

Ask HN: Opus 4.6 ignoring instructions, how to use 4.5 in Claude Code instead?

We Mourn Our Craft

Jim Fan calls pixels the ultimate motor controller

Exploring a Modern SMTPE 2110 Broadcast Truck with My Dad

AI UX Playground: Real-world examples of AI interaction design

The Field Guide to Design Futures

The Other Leverage in Software and AI

AUR malware scanner written in Rust

Free FFmpeg API [video]

Are AI agents ready for the workplace? A new benchmark raises doubts

Show HN: AI Watermark and Stego Scanner

Clarity vs. complexity: the invisible work of subtraction

Solid-State Freezer Needs No Refrigerants

Ask HN: Will LLMs/AI Decrease Human Intelligence and Make Expertise a Commodity?

From Zero to Hero: A Brief Introduction to Spring Boot

NSA detected phone call between foreign intelligence and person close to Trump

How to Fake a Robotics Result

It's time for the world to boycott the US

Show HN: Semantic Search for terminal commands in the Browser (No Back end)

The AI CEO Experiment

Speed up responses with fast mode

MS-DOS game copy protection and cracks

Updates on GNU/Hurd progress [video]

Show HN: I built a <400ms latency voice agent that runs on a 4gb vram GTX 1650"

Penisgate erupts at Olympics; scandal exposes risks of bulking your bulge

Arcan Explained: A browser for different webs

What did we learn from the AI Village in 2025?

An open replacement for the IBM 3174 Establishment Controller

The P in PGP isn't for pain: encrypting emails in the browser

Show HN: Mirror Parliament where users vote on top of politicians and draft laws

Ask HN: Opus 4.6 ignoring instructions, how to use 4.5 in Claude Code instead?

We Mourn Our Craft

Jim Fan calls pixels the ultimate motor controller

Exploring a Modern SMTPE 2110 Broadcast Truck with My Dad

AI UX Playground: Real-world examples of AI interaction design

The Field Guide to Design Futures

The Other Leverage in Software and AI

AUR malware scanner written in Rust

Free FFmpeg API [video]

Are AI agents ready for the workplace? A new benchmark raises doubts

Show HN: AI Watermark and Stego Scanner

Clarity vs. complexity: the invisible work of subtraction

Solid-State Freezer Needs No Refrigerants

Ask HN: Will LLMs/AI Decrease Human Intelligence and Make Expertise a Commodity?

From Zero to Hero: A Brief Introduction to Spring Boot

NSA detected phone call between foreign intelligence and person close to Trump

How to Fake a Robotics Result

It's time for the world to boycott the US

Show HN: Semantic Search for terminal commands in the Browser (No Back end)

The AI CEO Experiment

Speed up responses with fast mode

MS-DOS game copy protection and cracks

Updates on GNU/Hurd progress [video]

Infineon security microcontroller flaw enabled extraction of TPM secret keys

Comments