this post was submitted on 17 Jul 2024
679 points (99.0% liked)
PC Gaming
8642 readers
453 users here now
For PC gaming news and discussion. PCGamingWiki
Rules:
- Be Respectful.
- No Spam or Porn.
- No Advertising.
- No Memes.
- No Tech Support.
- No questions about buying/building computers.
- No game suggestions, friend requests, surveys, or begging.
- No Let's Plays, streams, highlight reels/montages, random videos or shorts.
- No off-topic posts/comments, within reason.
- Use the original source, no clickbait titles, no duplicates. (Submissions should be from the original source if possible, unless from paywalled or non-english sources. If the title is clickbait or lacks context you may lightly edit the title.)
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The dedicated TPM chip is already being used for side-channel attacks. A new processor running arbitrary code would be a black hat's wet dream.
It will be.
IoT devices are already getting owned at staggering rates. Adding a learning model that currently cannot be secured is absolutely going to happen, and going to cause a whole new large batch of breaches.
The “s” in IoT stands for “security”
Do you have an article on that handy? I like reading about side channel and timing attacks.
TPM-FAIL from 2019. It affects Intel fTPM and some dedicated TPM chips: link
The latest (at the moment) UEFI vulnerability, UEFIcanhazbufferoverflow is also related to, but not directly caused by, TPM on Intel systems: link
That's insane. How can they be doing security hardware and leave a timing attack in there?
Thank you for those links, really interesting stuff.
It's not a full CPU. It's more limited than GPU.
That's why I wrote "processor" and not CPU.
A processor that isn't Turing complete isn't a security problem like the TPM you referenced. A TPM includes a CPU. If a processor is Turing complete it's called a CPU.
Is it Turing complete? I don't know. I haven't seen block diagrams that show the computational units have their own cpu.
CPUs also have co processer to speed up floating point operations. That doesn't necessarily make it a security problem.