Trusted platform module security defeated in 30 minutes, no soldering required

Sycraft

Supreme [H]ardness
Joined
Nov 9, 2006
Messages
4,994
https://arstechnica.com/gadgets/2021/08/how-to-go-from-stolen-pc-to-network-intrusion-in-30-minutes/

Windows 11 isn't even out and TPM has been hacked. LOL.

However, this is a pretty sophisticated attack and requires physical access and special tools.
The Windows 11 TPM requirement isn't for this sort of attack. This is something against Bitlocker, which is not enabled by default. The Windows 11 TPM requirement is for secure boot, to keep malware from fucking with the bootloader.
 

Mchart

Supreme [H]ardness
Joined
Aug 7, 2004
Messages
4,818
“TPM defeated because none of the things that enable it to lock down a system were enabled”

“Man hacks windows 10 system remotely that still had SMB V1 enabled”

“Linux defeated because bash shell could elevate SU privileges”
 

Lakados

Supreme [H]ardness
Joined
Feb 3, 2014
Messages
4,713
Good points, but it's still a demerit to a technology that was "virtually unhackable" a few weeks ago.
It’s not exactly hacking it when you take a system not using it then physically replace the hardware module with a compromised one so that when it is later enabled it is rendered ineffective.
That would be straight up sabotage, slightly different but different all the same.
 

Sycraft

Supreme [H]ardness
Joined
Nov 9, 2006
Messages
4,994
It’s not exactly hacking it when you take a system not using it then physically replace the hardware module with a compromised one so that when it is later enabled it is rendered ineffective.
That would be straight up sabotage, slightly different but different all the same.
Well it is something that hopefully vendors will clean up in the implementation. The hope with a TPM is that even if a bad actor gets their hands on a system physically, and has unrestricted access to it, they still can't get at the data the TPM protects, which would include the HDD if encrypted using the TPM to hold the key. So it would be good if even this kind of attack were able to be engineered against in the future. However that's a hardware issues, not software. It is also true that you really should look at it more as a device to deter more casual attackers and assume if a targeted, dedicated attacker steals a system they will get in.

The security group is crowing about this because they are the first ones to do it publicly and they are proud of themselves for coming up with it. However if you are the company, the part of the report that you are concerned with is how they got in to your servers after that. Even having a decrypted laptop they shouldn't have been able to get access so there is where the company would be looking for how they should improve their security.
 

Lakados

Supreme [H]ardness
Joined
Feb 3, 2014
Messages
4,713
Well it is something that hopefully vendors will clean up in the implementation. The hope with a TPM is that even if a bad actor gets their hands on a system physically, and has unrestricted access to it, they still can't get at the data the TPM protects, which would include the HDD if encrypted using the TPM to hold the key. So it would be good if even this kind of attack were able to be engineered against in the future. However that's a hardware issues, not software. It is also true that you really should look at it more as a device to deter more casual attackers and assume if a targeted, dedicated attacker steals a system they will get in.

The security group is crowing about this because they are the first ones to do it publicly and they are proud of themselves for coming up with it. However if you are the company, the part of the report that you are concerned with is how they got in to your servers after that. Even having a decrypted laptop they shouldn't have been able to get access so there is where the company would be looking for how they should improve their security.
The bigger issue is what if they intercept it while it’s new in box being delivered to you. Say CompanyX orders 200 laptops and they get intercepted from the OEM. The bad actors use a team and swap out the TPM modules, rebuild the image, repackage them and send them on their way with barely a blip in the tracking. CompanyX get and deploys them all, possibly even turning on all the correct features to match their deployment image but by that stage it’s all for not. That is the real use for this attack, it might take longer than 30 min, but an IT department probably isn’t going to be concerned if a pallet or two of laptops shows up a day later than originally estimated assuming they got an estimate on the delivery at all. Once things get passed off to a freight company all bets are usually off.
 

Sycraft

Supreme [H]ardness
Joined
Nov 9, 2006
Messages
4,994
The bigger issue is what if they intercept it while it’s new in box being delivered to you. Say CompanyX orders 200 laptops and they get intercepted from the OEM. The bad actors use a team and swap out the TPM modules, rebuild the image, repackage them and send them on their way with barely a blip in the tracking. CompanyX get and deploys them all, possibly even turning on all the correct features to match their deployment image but by that stage it’s all for not. That is the real use for this attack, it might take longer than 30 min, but an IT department probably isn’t going to be concerned if a pallet or two of laptops shows up a day later than originally estimated assuming they got an estimate on the delivery at all. Once things get passed off to a freight company all bets are usually off.
Then you are screwed. There is no such thing as perfect security, you have to figure out what your level of risk to attack is and respond accordingly. For most companies, this is a totally unrealistic risk. An attacker as well equipped and motivated as that might just instead decide to bribe or kidnap the sysadmin who has full access to everything. I mean if someone puts a gun to my head and tells me to let them in to work systems, I'm doing it, I'm not going to die for my job.

You can't fly off in to fanciful worlds of what might happen if a national intelligence agency went after your business because the answer is "They will get the data," because you aren't going to be willing to take all the very inconvenient and expensive steps you would need to stop them. That's what an attack like this would require. Yes the NSA has been known to do such things. However some group of randos from Evil Hacker Inc is not going to get FedEx to reroute a package for them. It is a threat not worth worrying about.
 

Lakados

Supreme [H]ardness
Joined
Feb 3, 2014
Messages
4,713
Then you are screwed. There is no such thing as perfect security, you have to figure out what your level of risk to attack is and respond accordingly. For most companies, this is a totally unrealistic risk. An attacker as well equipped and motivated as that might just instead decide to bribe or kidnap the sysadmin who has full access to everything. I mean if someone puts a gun to my head and tells me to let them in to work systems, I'm doing it, I'm not going to die for my job.

You can't fly off in to fanciful worlds of what might happen if a national intelligence agency went after your business because the answer is "They will get the data," because you aren't going to be willing to take all the very inconvenient and expensive steps you would need to stop them. That's what an attack like this would require. Yes the NSA has been known to do such things. However some group of randos from Evil Hacker Inc is not going to get FedEx to reroute a package for them. It is a threat not worth worrying about.
Well the article describes a scenario where a courier diverts the configured laptop on its way to the employee where the hackers then have unrestricted physical access to it for some period of time to compromise it. It’s not that big of a stretch, the only difference is I’ve proposed it from the other side of the supply chain, which is not only easier to compromise but also has far more hand offs and fewer tracking measures.
 

cybereality

[H]F Junkie
Joined
Mar 22, 2008
Messages
8,489
There are cases where this could happen. What if you leave your laptop in a hotel room and the maid moonlights as a hacker? The article said they only needed 30 minutes. More than enough time if you go get breakfast or visit the pool.

Or maybe you work at a big company, and some disgruntled employee wants to leak documents and make it look like you did it. Evil roommates. Maybe a TSA checkpoint. I mean, it's an unlikely attack but still possible.
 

Mchart

Supreme [H]ardness
Joined
Aug 7, 2004
Messages
4,818
The bigger issue is what if they intercept it while it’s new in box being delivered to you. Say CompanyX orders 200 laptops and they get intercepted from the OEM. The bad actors use a team and swap out the TPM modules, rebuild the image, repackage them and send them on their way with barely a blip in the tracking. CompanyX get and deploys them all, possibly even turning on all the correct features to match their deployment image but by that stage it’s all for not. That is the real use for this attack, it might take longer than 30 min, but an IT department probably isn’t going to be concerned if a pallet or two of laptops shows up a day later than originally estimated assuming they got an estimate on the delivery at all. Once things get passed off to a freight company all bets are usually off.
This happens every day already, and is why there are solutions from some of the larger OEMs to guard against this, but it costs more money.
 

Mchart

Supreme [H]ardness
Joined
Aug 7, 2004
Messages
4,818
It was also unused until Microsoft announced that Windows 11 now requires it. So naturally people are going to try and hack it.
TPM for drive encryption has been heavily used on the enterprise/corporate side for a while now.
 

DukenukemX

Supreme [H]ardness
Joined
Jan 30, 2005
Messages
5,875
TPM for drive encryption has been heavily used on the enterprise/corporate side for a while now.
Like I said, it was unused. The amount of people that will need it for Windows 11 vs the enterprise is so large that the enterprise use of it might as well be nothing. The amount of people who want it defeated are going to be orders of magnitude larger. How well has it worked when zero day exploits still compromise enterprise servers and demand ransomware?
 

bigddybn

Supreme [H]ardness
Joined
Nov 21, 2006
Messages
7,504
Didn't even read the article. If an attacker has physical access to your machine then it's game over already.
 

cpufrost

Limp Gawd
Joined
Sep 28, 2020
Messages
236
You can have a Medeco high security lock defeated by something as simple as a key left under a mat too! ;-)
 

noko

Supreme [H]ardness
Joined
Apr 14, 2010
Messages
6,644
What if Ryzen fTPM is used? Firmware based inside of the CPU, using the security ARM processor. There would be no external bus to probe. Why article did not mention other designs that prohibit this type of physical hack? Seems like networks, computer systems etc. are built with a deck of cards.
 

cybereality

[H]F Junkie
Joined
Mar 22, 2008
Messages
8,489
Yeah, good point. I think the fTPM would be better in this case, or at least make this specific method unusable.
 
Top