IT Developments
Researchers claim flaws in Intel's trusted platform
- From: Brian Warkoczeski
- Date: Thu Jan 08 09:23:22 2009
Jan. 6, 2009
http://www.securityfocus.com/
Intel's current implementation of trusted computing has vulnerabilities
in two separate components, allowing it to be circumvented, two security
researchers claimed Tuesday.
The technology, known as Intel's Trusted Execution Technology (TXT),
comprises a set of extensions to the processor's instruction set as well
as additional hardware, such as the Trusted Computing Module (TPM), a
central component of the Trusted Computing Group's vision of
cryptographically secured hardware. The two researchers, Rafal Wojtczuk
and Joanna Rutkowska of Invisible Things Lab, claimed to have found
flaws in specific Intel system software (corrected) and a design issue
that, together, would allow an attacker to "compromise the integrity" of
any software loaded by the TXT boot loader, the duo stated on Tuesday.
Because Intel's Trusted Execution Technology is not widely deployed, the
company has time to fix the issue, Rutkowska said.
"This doesn't affect normal users today," Rutkowska said in an e-mail
sent to SecurityFocus. "TXT is a new upcoming security technology,
almost not used today. Our research should be of most interest to system
developers, who might be thinking about implementing TXT to secure their
products, processor/chipset/OEM vendors, (and) some government agencies."
Computer makers are increasingly adopting hardware encryption to help
secure desktop and laptop computers as well as mobile devices from
malicious attacks and data breaches. In 2004, Intel announced it would
create security hardware, known as LaGrande, to lock down certain
devices. Microsoft announced similar efforts, dubbed the Next Generation
Secure Computing Base, to prevent the copying of sensitive data and
prevent malicious attacks. Both technology visions became part of the
security platform proposed by the Trusted Computing Group, of which both
Microsoft and Intel are members. Intel renamed LaGrande as the Trusted
Execution Technology (TXT).
The researchers had contacted Intel last November with some details of
their research and followed up with more information in December. They
plan to release their research at the Black Hat Security Briefings next
month.
Intel confirmed that it had been contacted by the two researchers, but
could not confirm the details of the attack. The company planned to have
members of its security team attending the presentation, a spokesperson
said.
"We are not yet talking about what the particular fix would be for
this," the Intel representative said. "We are working with (the
researchers) to establish the extent of the problem."
CORRECTION: The original article identified an incorrect piece of
software as the origin of the flaws found by the researchers. The
vulnerabilities are allegedly present in system software developed by Intel.