Hardware hacker Christopher Tarnovsky just wanted to break Microsoft's grip on peripherals for its Xbox 360 game console. In the process, he cracked one of the most heavily fortified chips ever put into a consumer device. The attack by the former US Army computer-security specialist is notable because it goes where no hacker …
"They have a right to do it, but I have a right to break it too."
I have a nagging suspicion that the DMCA specifically says you *don't* have the right to break it!
expect he means a moral right.
I thought that too when I read that line in the article. But then, thinking about it a little more, and not having read the DMCA legislation, I wonder: does it also apply to hardware, or is it just software?
Either way, cool stuff the guy has done there, legally or not.
(Palindromic titles, eh?)
The DMCA is a copyright act, so unless you are breaking the chip to make an illegal copy, it probably doesn't apply.
identically true?
moral != law && moral > law
US law != world law
The DMCA only applies to those willing to risk travel to the US or indigenous serfs of the corporations there who buy such laws from US Congress inc.
Okay, I have my focused ion beam workstation on order
just how microscopic are those needles?
I am amazed by this crack using an electron microscope to work out the inner workings of a chip, amazing. Just goes to show how hard security is to create; there is always a way around if you are determined enough.
"This device should not have been readily available for a researcher like me."
Not only it should, but it proved invaluable to Infineon, which will probably not make the same mistakes twice. But the day Infineon blocks anyone of having their chips is the day they'll be less and less secure.
There are some problems with your post.
"But the day Infineon blocks anyone of having their chips is the day they'll be less and less secure."
The only way that Infineon can stop anyone getting their chips is to stop making them and selling them. However that makes no money for the shareholders.
If Infineon sell them to anyone, people can get them. After all, that is how people reverse engineer SKY TV cards; they get a sky box and look at the chip.
Then if they are not used in anything, there is no reason for anyone to need to break^H^H^H^H^H "fix" them :)
A beer for persistence, but I think just buying a controller for his XBox would have been cheaper!
I'd be pretty sure Infineon knew what they were doing and knew exactly how the chip could be broken but just figured no hacker would go to the trouble of doing it. (The equipment is very very expensive)
Infineon's competitors in STM, Atmel, TI etc would have all the equipment and expertise to break the chip. They would even have a head start over Tarnovsky as they would know the general architecture of the chip. I'd be very surprised if they hadn't "broken" the chip ages ago. They just wouldn't tell anyone about it.
"I'd be pretty sure Infineon knew what they were doing and knew exactly how the chip could be broken but just figured no hacker would go to the trouble of doing it. (The equipment is very very expensive)"
Equipment like desk top computers and mobile phones were very expensive at one time. I don't think anyone would be interested in a microscope that can only focus on a silicon chip but the possibility exists of making an imager that will do the job just that job and someone could in theory churn them out wholesale.
As for rights to analyse equipment, this has always been the case. Guilds have been formed to protect marketable systems since the year dot and hacks are as old as cave drawings.
What will be has been and ever shall.
Is this level of security really required everywhere? To stop cloned ink cartridges just so that the printer manufacturer can charge prices higher than gold for replacement ones? Why not try a different business model, one where you get money for adding value rather than fleecing your customers.
Better product evaluations would help - some
If those who review printers and such gizmos would do more critical analyses - including cost-per-page with warnings of proprietary consumables - instead of just regurgitating marketing pap - it would go a long way toward informing potential purchasers of the "real" price. Maybe a web-site evaluating the evaluators would help too.
I for one simply won't buy one of those printers that locks you into expensive proprietary ink cartridge systems. That anyone would do so is a source of amazement to me. Would you buy a car that could only be refueled at a Shell station?
Naming names, I have never bought Epson and will never again buy Lexmark (different issue). I am currently using a Brother and refilling the cartridges.
Which magazine are very good at providing running costs in their product evaluations... whether they're looking at printers or fridge freezers.
Isn't this just ...
another example of how the ultimate business model is not competing with anyone, while the chief moral (?) justification of existing as a business is being part of the free market ? [Doesn't compute: logic fail.]
"money for adding value"
Trouble is, that doesn't really work if you're a lazy, near-incompetent has-been who were once able to Invent but have long since lost the plot and are now relying purely on market muscle for continued success. HP printers and Microsoft software being two obvious examples.
lazy, near-incompetent HP
I think you have the wrong angle here. I don't think it's because they are lazy, it's more execs who look at the engineers, scientists, and labs and say they are not doing anything to help the size of my bonus or the value of my stock options TODAY so kill them off, or outsource them to China. By the time we fall behind my bank account will be nice and fat and I can move on.
It's all about the bottom line.
They're protecting their bottom line. They have the right to do that.
If you're fed up with high prices on a monopolised ink market, change. You have the right to do that.
Panasonic's another; and others have gone further
Panasonic's firmware change to stop their cameras working with third-party batteries is another.
I once worked on the software inside laser printers, and we sometimes got prototype / early production models. One (I can't remember which make) had what appeared to be a fuse-like mechanism on the waste toner bucket, designed to blow when the bucket was full, so the consumer would have to buy a new empty container rather than simply emptying the old one.
The right yes; the ability no
What good is the right to do something in theory, without the ability to do it in practice?
If you know of somebody who is selling printers that are designed to use cheap, generic bulk ink, then please enlighten us all. Otherwise, talk of rights is just sophistry.
Follow the money!
"The requirement offended his sense of fair play, so he put his reverse engineering muscle to breaking it."
Nope don't buy that. He and his company just wanted to publicise their security business.
If that was all there was behind it, it was a very poor use of money. They must have some other uses in mind for this information.
Sometimes it's justified!
And maybe a strong sense of right and wrong is part of the package of someone so unusually determined? Which isn't to say his sense of right and wrong is right or wrong. But usually the one who actually does the groundbreaking work is doing it for rather more esoteric reasons than you ascribe.
Re: just how microscopic are those needles?
I used to work for a chip maker doing testing. We needed to be able to put a probe onto a line to take measurements. Line sizes have shrunk since then but I'm sure the test equipment manufacturers have kept pace. The problem isn't just the needles but the micro manipulators to position them. Then you have loads of fun keeping it all still enough.
That's just amazing!
As a keen electronics enthusiast, I found this article very interesting!!
That's just ******* amazing! Both the lengths greedy manufacturers (e.g. Lexmark) go to so they can rip you off and the skill, patience and determination this army bloke had/has!!
Time and Money
Wish I had the time and resources to do the same thing... it is not rocket science even. Just reasonable skill and a lot of time and money.
More fascinating would have been a crack of certain organic machinery algorithms... but that requires more skill (and of course time and money). I'd go for it except that it's a struggle just to survive on the ever shrinking private sector income... should have taken a fat cushy government job... more pay, less hours, and a retirement income.
Ah, mine's the tattered jacket with the biohazard symbol on the back. Careful about the flask of powder in the pocket please.
Keep IT Simple Stupid
"I'd go for it except that it's a struggle just to survive on the ever shrinking private sector income... should have taken a fat cushy government job... more pay, less hours, and a retirement income." .... Anonymous Coward Posted Thursday 18th February 2010 01:01 GMT
If the private sector, which has suffered massive pension plan losses/criminal fraud and common theft in recent times, simply put their members' contributions in the same funds and with the same fund managers as provide the wizardry which feathers and guarantees the fat cushy government job ... more pay, less hours, and an obscene retirement income, then will all be secured and insured and assured of a cosy future with no income worries.
Shurely shome mishtake?
That would be true were the Public sector to actually have funds, managers et. al. They do it by paying their pensioners out of current tax revenues, there's no investment of contributions to provide a pension later going on here. This works by having an infinite supply of money that's scalped from the taxpayer rolling in.
You don't have to be a financial genius to figure out why this is unsustainable long term and why there's such a drive to raise public sector retirement ages.....
Not going to work
If it's the UK, the public sector gets its money from the taxpayers to pay for pensions. I don't quite see the private sector managing to tap that source.
You have to be both blind and dyslexic to have missed the bailouts of the favoured private business: The Banks!
Step over and help us
I am working on some earth science cutting-edge stuff and would welcome any input. It doesn't cost anything once you have an internet connection.
Take a look at the storm reports page of the USA's NWS and compare the days for tornado activity with the North Atlantic sea level pressure charts from the previous day.
Ditto for days when there were severe earthquakes.
Some people can get it and some can't. If you think you are a scientist a real one that is not a paid professor of doublespeak, get out of your bed and follow me.
Anyone know anything about Euler geometry?
<Nerd Wanted icon wanted>
They don't have the right... if they don't serve the consumer, and benefit the economy as a whole, they don't have the right... break them up.
Do I hear an AMEN?
Right! It's a pity that a security hacker has to be the one to reveal the lengths and depths that monopolists and oligopolists will go to in order to eliminate competition - the only thing that justifies market economies. It should be resolvable in anti-trust litigation - if only successive administrations and congresses had not been bought off by the very corporations and conglomerates that they are supposed to be regulating. I'd go into the recent SCOTUS decision on election funding, but it's too nauseating.
Targets for the Electron Microscope
Instead of wasting time on games. Point that electron microscope at electronic vote tabulation devices. There could be bad logic in there too, and it could undermine government itself.
You don't need microscopic needles to find the flaws in electronic vote-tabulating machines. There are plenty of expert published papers around explaining how they should work, and none is implemented accordingly.
Then again, until politicians actually do something sufficiently worthwhile and different to get more than 25% or so of people to actually bother to vote it hardly seems to matter, does it?
How does Infineon believe going to a full cryptoprocessor will help them against a pure physical attack where someone has raw access to the internal wirings of a processor? After all, even in a cryptoprocessor either the cipherkey or the means to produce it must exist on the processor SOMEWHERE.
As for Tarnovsky's comment about the availability of the chips, it's really quite simple. It's impossible to limit the sale of a commodity part (a part meant to be everywhere). It's like trying to restrict the flow of grains. More than likely the Hong Kong places simply got the chips from foundries in nearby China that turn them out in massive lots (most chips are made this way now).
availability of copies on international surplus markets
This is a side effect of the exportation of chip manufacturing technology by the US semiconductor industry during the 1970's and 1980's, which continues to this day, because they've forced themselves into their current situation. Create a new chip die today, and there are now lots of people out there who can clone it - and build it more cheaply than you can.
The US semi-conductor industry literally committed a form of slow industrial suicide back in the '70's and 80's, by outsourcing all of the manufacturing. To this day, our corporate titans are still too dense to realize that you can't offshore the manufacturing without also offshoring nearly all of the engineering expertise required to design and manufacture the device in the first place.
So no, nothing in this article surprises me.
Moving to a full crypto core will make it far more difficult for this kind of hack.
The physical penetration of the chip was only the first step. After he had circumvented the wire mesh and the optical sensors he used the micro needles to probe the data bus.
The data is stored on the chip encrypted in the Flash memory. There is a dedicated circuit on the chip that decrypts the data and sends it to the processor, so the data is sent in the "clear". It was these unencrypted lines that he probed and knowing how this type of processor core works he was able to interpret this data and "break" the chip.
Going with a fully encrypted core means that finding the block of logic that does the encryption will be all but impossible. Have you seen what a block of logic at 90nm looks like?
Tarnovsky did a presentation on this attack at Black Hat in DC a few weeks ago.
The presentation is available on line. It's very top level and not very technical. He tends to ramble though so it's about 40mins long.
Well for a start, Infineon are a German company, not a US one. And cloning the IP of the world's most popular security chip is not a simple matter.
Secondly, you can design a chip anywhere in the world, but to manufacture them cost effectively, you need a massive big facility. This is a billion dollar investment so you need a big flat area of land that is also free of earthquakes. Then you need access to a well-trained but not especially academic workforce, to wear the bunny suits. Finally, of course, you need to do this in a country that has relatively lax laws regarding the use of lots of nasty chemicals.
some clarifications from an insider
Infineon's memory spinoff Qimonda already went tits up and Infineon is struggling bad these days. Much of the reason is because European labor is too expensive compared to Asian labor and thus the outsourcing. Free of earthquakes is nice but it seems actually most of the world's fabs are built very close to faultlines (Silicon Valley, Japan, etc) and they have strategies to deal with all but a massive earthquake. In addition to a flat area of land an obvious economic requirement is the land should be very cheap and yet near an airport (fabs need lots of materials and equipment from all over the world to operate). Also actually with modern almost lights out fabs, bunny suit operators are less important than finding educated people willing to work hard and fairly cheap and be willing to live near the fab (cheap land above means usually not in real nice area). Yes the chemicals are nasty but fabs tend to be some of the safest manufacturing plants there is (in developed world). I have heard horror stories in Asia though of disabling gas alarms because they kept going off and the product is much more valuable than the serfs working in the fab. Still what is really hurting the industry in the developed world is very few college grads want to pigeonhole themselves in manufacturing and soon all the baby boomers will retire.
I'd be interested to see this presentation but Google isn't coming up trumps at the moment.
I really hope they buy his "researcher" take on this, otherwise as quick as you can say DMCA, he's off to jail.
Regardless of the legal outcome, this dude is now officially my hero.
It's not a beer, it's the contents of the can of pure awesome this dude opened up.
Yeah - if he's American. DMCA don't apply to the other 6 billion of the world's citizens outside the land of the free
DMCA and the rest of the world...
"DMCA don't apply to the other 6 billion of the world's citizens outside the land of the free"
6.5ish Billion. And you just wait until ACTA is ratified.
Did Apple do the same thing in the iPad's A4 proc?
DMCA? Maybe not so much
Check out their web site. This is what they do. For all we know Infineon paid them to do this, allowed them to publish the results but not disclose their funding source. Note the timing of the new chip, this could be a trick to boost its sales.
It is quite odd, isn't it, that he publishes his results at the same time a new chip is being announced that "denies" this attack... when there isn't any real demand for a new chip?
After all, why would you buy the new, higher priced chip if you can get the one everyone else is relying on for only $0.15 a pop, eh?