- by Stingray, this blog national security journalist
A Western intelligence source was quoted as saying to an open-source intelligence blog that the news of the Infineon chip being cracked has raised some concern with global security apparatus that terrorist will purchase the know-how and attempt to hack Infineon’s well known anti-hacking chips.
- “Unfortunately, various types of chips from Infineon are used all over the globe for high security sensitive purposes like e-passports and radar systems. When its flagship gets hack, it says others chips from Infenion can also be hacked,” said the intelligence source.
The source also said that that news of the hacking method, in general, is now widely known-and terrorist may attempt to try to hack the Infeneon chip-based on what is now known.
The following is from Yahoo Tech:
Former U.S. military security specialist Christopher Tarnovsky found a weakness in Infineon’s SLE66 CL PE and presented the results of his hack at the Black Hat 2010 computer security conference. The Infineon chip is used in PCs, satellite TV hardware, and gaming consoles to protect secure data.
Tarnovsky, who works for security firm Flylogic, said that cracking the Infineon chip, which has a Trusted Platform Module (TPM) designation, was a long process involving an electronic microscope (which retails for around $70,000). The attack on the chip took six months to plan and execute, and it involved dissolving the outer part of the chip with acid and using tiny needles to intercept the chip’s programming instructions.
After gaining physical access to the chip, Tarnovsky still had to navigate the chip’s software defenses. According to the Associated Press, Tarnovsky remarked that “This chip is mean, man–it’s like a ticking time bomb if you don’t do something right.”
Does this mean that Infineon’s flagship secure chip has been entirely compromised? Infineon was aware that a physical hack was possible, but a company representative notes that an attack of this sort would require resources beyond that of the typical cracker. Joerg Borchert, a vice president of security at Infineon, told the AP that, because this attack requires a combination of physical access to the chip, a smart hacker, and expensive equipment, “the risk is manageable, and you are just attacking one computer.”