You are viewing a single thread.
View all comments
81 points

The dedicated TPM chip is already being used for side-channel attacks. A new processor running arbitrary code would be a black hat’s wet dream.

permalink
report
reply
51 points

It will be.

IoT devices are already getting owned at staggering rates. Adding a learning model that currently cannot be secured is absolutely going to happen, and going to cause a whole new large batch of breaches.

permalink
report
parent
reply
66 points

The “s” in IoT stands for “security”

permalink
report
parent
reply
5 points

Do you have an article on that handy? I like reading about side channel and timing attacks.

permalink
report
parent
reply
19 points

TPM-FAIL from 2019. It affects Intel fTPM and some dedicated TPM chips: link

The latest (at the moment) UEFI vulnerability, UEFIcanhazbufferoverflow is also related to, but not directly caused by, TPM on Intel systems: link

permalink
report
parent
reply
3 points

That’s insane. How can they be doing security hardware and leave a timing attack in there?

Thank you for those links, really interesting stuff.

permalink
report
parent
reply
2 points

It’s not a full CPU. It’s more limited than GPU.

permalink
report
parent
reply
18 points

That’s why I wrote “processor” and not CPU.

permalink
report
parent
reply
1 point
*

A processor that isn’t Turing complete isn’t a security problem like the TPM you referenced. A TPM includes a CPU. If a processor is Turing complete it’s called a CPU.

Is it Turing complete? I don’t know. I haven’t seen block diagrams that show the computational units have their own cpu.

CPUs also have co processer to speed up floating point operations. That doesn’t necessarily make it a security problem.

permalink
report
parent
reply

PC Gaming

!pcgaming@lemmy.ca

Create post

For PC gaming news and discussion. PCGamingWiki

Rules:

  1. Be Respectful.
  2. No Spam or Porn.
  3. No Advertising.
  4. No Memes.
  5. No Tech Support.
  6. No questions about buying/building computers.
  7. No game suggestions, friend requests, surveys, or begging.
  8. No Let’s Plays, streams, highlight reels/montages, random videos or shorts.
  9. No off-topic posts/comments, within reason.
  10. Use the original source, no clickbait titles, no duplicates. (Submissions should be from the original source if possible, unless from paywalled or non-english sources. If the title is clickbait or lacks context you may lightly edit the title.)

Community stats

  • 4.9K

    Monthly active users

  • 1.8K

    Posts

  • 12K

    Comments