this post was submitted on 17 Jul 2024
688 points (99.0% liked)

PC Gaming

8783 readers
560 users here now

For PC gaming news and discussion. PCGamingWiki

Rules:

  1. Be Respectful.
  2. No Spam or Porn.
  3. No Advertising.
  4. No Memes.
  5. No Tech Support.
  6. No questions about buying/building computers.
  7. No game suggestions, friend requests, surveys, or begging.
  8. No Let's Plays, streams, highlight reels/montages, random videos or shorts.
  9. No off-topic posts/comments, within reason.
  10. Use the original source, no clickbait titles, no duplicates. (Submissions should be from the original source if possible, unless from paywalled or non-english sources. If the title is clickbait or lacks context you may lightly edit the title.)

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] rtxn@lemmy.world 82 points 5 months ago (3 children)

The dedicated TPM chip is already being used for side-channel attacks. A new processor running arbitrary code would be a black hat's wet dream.

[–] MajorHavoc@programming.dev 51 points 5 months ago (1 children)

It will be.

IoT devices are already getting owned at staggering rates. Adding a learning model that currently cannot be secured is absolutely going to happen, and going to cause a whole new large batch of breaches.

The “s” in IoT stands for “security”

[–] barsquid@lemmy.world 5 points 5 months ago (1 children)

Do you have an article on that handy? I like reading about side channel and timing attacks.

[–] rtxn@lemmy.world 19 points 5 months ago (1 children)

TPM-FAIL from 2019. It affects Intel fTPM and some dedicated TPM chips: link

The latest (at the moment) UEFI vulnerability, UEFIcanhazbufferoverflow is also related to, but not directly caused by, TPM on Intel systems: link

[–] barsquid@lemmy.world 3 points 5 months ago

That's insane. How can they be doing security hardware and leave a timing attack in there?

Thank you for those links, really interesting stuff.

[–] Blue_Morpho@lemmy.world 2 points 5 months ago (1 children)

It's not a full CPU. It's more limited than GPU.

[–] rtxn@lemmy.world 18 points 5 months ago (1 children)

That's why I wrote "processor" and not CPU.

[–] Blue_Morpho@lemmy.world 1 points 5 months ago* (last edited 5 months ago)

A processor that isn't Turing complete isn't a security problem like the TPM you referenced. A TPM includes a CPU. If a processor is Turing complete it's called a CPU.

Is it Turing complete? I don't know. I haven't seen block diagrams that show the computational units have their own cpu.

CPUs also have co processer to speed up floating point operations. That doesn't necessarily make it a security problem.