During Blackhat DC 2010 Christopher Tarnovsky a researcher announced that he had broken through the defense mechanisms of Infineon's security chip. The chip has multiple mechanisms to protect itself from tempering with it. Making it the choice for many vendors to implement it in its devices. As the German Enigma during World War II has shown nothing holds for ever. Now Infineon, a German company, has to see once again that blind trust in its engineering is a recipe for the wrong attention. In this case Mr. Tanovsky worked his way step by step through the defense mechanism of the chip, having in the end ultra-small needles tap into the data bus. He then could readout encryption keys and other internal data of the chip. Tarnovsky informed Infineon of the flaws he had discovered, but so far Infineon has not responded.
According to Dark-Reading he told the Black-Hat audience: "Their initial reaction was to tell me that what I'd done was impossible," he said. "Then when I sent them some video and the code that I just showed [to the Black Hat audience], they went quiet. I have not heard back from anybody."
History repeats and blind trust in your engineering is never a good idea.
Read more: http://mobile.darkreading.com/9287/show/575baa2ef08cb38a3077417686e53489&t=0cd88a4fad7a9f5ce08e7b67d7d418d3
1SSA - Security Consulting, Training and Products
Attend our Oracle Security classes - Learn how to secure your Oracle databases
skip to main |
skip to sidebar
Solutions that protect your assets and people in a changing world
The latest news around Information Security from various sources.
Solutions that protect your assets and people in a changing world
Who is reading
Search This Blog
Security News Digest
Posts
Subscribe Email
Digg & Twitter
 |
Disclaimer
Links to third party Web sites on this Site are provided solely as a convenience to you. If you use these links, you will leave this Site. 1SSA has not reviewed all of these third party sites and does not control and is not responsible for any of these sites or their content. Thus, 1SSA does not endorse or make any representations about them, or any information, software or other products or materials found there, or any results that may be obtained from using them. If you decide to access any of the third party sites linked to this Site, you do this entirely at your own risk.
References/Quotes/Copyright
It is hereby granted to Copy/Link/Quote material found on the 1SSA Blog, but only(!) when a reference to the 1SSA site or this blog is being made.
References/Quotes/Copyright
It is hereby granted to Copy/Link/Quote material found on the 1SSA Blog, but only(!) when a reference to the 1SSA site or this blog is being made.