this post was submitted on 17 Jul 2024
677 points (99.0% liked)

PC Gaming

8675 readers
1019 users here now

For PC gaming news and discussion. PCGamingWiki

Rules:

  1. Be Respectful.
  2. No Spam or Porn.
  3. No Advertising.
  4. No Memes.
  5. No Tech Support.
  6. No questions about buying/building computers.
  7. No game suggestions, friend requests, surveys, or begging.
  8. No Let's Plays, streams, highlight reels/montages, random videos or shorts.
  9. No off-topic posts/comments, within reason.
  10. Use the original source, no clickbait titles, no duplicates. (Submissions should be from the original source if possible, unless from paywalled or non-english sources. If the title is clickbait or lacks context you may lightly edit the title.)

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] rtxn 81 points 4 months ago (3 children)

The dedicated TPM chip is already being used for side-channel attacks. A new processor running arbitrary code would be a black hat's wet dream.

[–] [email protected] 51 points 4 months ago (1 children)

It will be.

IoT devices are already getting owned at staggering rates. Adding a learning model that currently cannot be secured is absolutely going to happen, and going to cause a whole new large batch of breaches.

[–] [email protected] 68 points 4 months ago

The “s” in IoT stands for “security”

[–] barsquid 5 points 4 months ago (1 children)

Do you have an article on that handy? I like reading about side channel and timing attacks.

[–] rtxn 19 points 4 months ago (1 children)

TPM-FAIL from 2019. It affects Intel fTPM and some dedicated TPM chips: link

The latest (at the moment) UEFI vulnerability, UEFIcanhazbufferoverflow is also related to, but not directly caused by, TPM on Intel systems: link

[–] barsquid 3 points 4 months ago

That's insane. How can they be doing security hardware and leave a timing attack in there?

Thank you for those links, really interesting stuff.

[–] Blue_Morpho 2 points 4 months ago (1 children)

It's not a full CPU. It's more limited than GPU.

[–] rtxn 18 points 4 months ago (1 children)

That's why I wrote "processor" and not CPU.

[–] Blue_Morpho 1 points 4 months ago* (last edited 4 months ago)

A processor that isn't Turing complete isn't a security problem like the TPM you referenced. A TPM includes a CPU. If a processor is Turing complete it's called a CPU.

Is it Turing complete? I don't know. I haven't seen block diagrams that show the computational units have their own cpu.

CPUs also have co processer to speed up floating point operations. That doesn't necessarily make it a security problem.