Wednesday, February 03, 2010

From Enigma to Infinion's security chip...

During Blackhat DC 2010 Christopher Tarnovsky a researcher announced that he had broken through the defense mechanisms of Infineon's security chip. The chip has multiple mechanisms to protect itself from tempering with it. Making it the choice for many vendors to implement it in its devices. As the German Enigma during World War II has shown nothing holds for ever. Now Infineon, a German company, has to see once again that blind trust in its engineering is a recipe for the wrong attention. In this case Mr. Tanovsky worked his way step by step through the defense mechanism of the chip, having in the end ultra-small needles tap into the data bus. He then could readout encryption keys and other internal data of the chip. Tarnovsky informed Infineon of the flaws he had discovered, but so far Infineon has not responded.

According to Dark-Reading he told the Black-Hat audience: "Their initial reaction was to tell me that what I'd done was impossible," he said. "Then when I sent them some video and the code that I just showed [to the Black Hat audience], they went quiet. I have not heard back from anybody."

History repeats and blind trust in your engineering is never a good idea.

Read more:

1SSA - Security Consulting, Training and Products
Attend our Oracle Security classes - Learn how to secure your Oracle databases