Tag Archive for: chip

Apple Chip Flaw Leaks Secret Encryption Keys


The next time you stay in a hotel, you may want to use the door’s deadbolt. A group of security researchers this week revealed a technique that uses a series of security vulnerabilities that impact 3 million hotel room locks worldwide. While the company is working to fix the issue, many of the locks remain vulnerable to the unique intrusion technique.

Apple is having a tough week. In addition to security researchers revealing a major, virtually unpatchable vulnerability in its hardware (more on that below), the United States Department of Justice and 16 attorneys general filed an antitrust lawsuit against the tech giant, alleging that its practices related to its iPhone business are illegally anticompetitive. Part of the lawsuit highlights what it calls Apple’s “elastic” embrace of privacy and security decisions—particularly iMessage’s end-to-end encryption, which Apple has refused to make available to Android users.

Speaking of privacy, a recent change to cookie pop-up notifications reveals the number of companies each website shares your data with. A WIRED analysis of the top 10,000 most popular websites found that some sites are sharing data with more than 1,500 third parties. Meanwhile, employer review site Glassdoor, which has long allowed people to comment about companies anonymously, has begun encouraging people to use their real names.

And that’s not all. Each week, we round up the security and privacy news we don’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Apple’s M-series of chips contain a flaw that could allow an attacker to trick the processor into revealing secret end-to-end encryption keys on Macs, according to new research. An exploit developed by a team of researchers, dubbed GoFetch, takes advantage of the M-series chips’ so-called data memory-dependent prefetcher, or DMP. Data stored in a computer’s memory have addresses, and DMPs optimize the computer’s operations by predicting the address of data that is likely to be accessed next. The DMP then puts “pointers” that are used to locate data addresses in the machine’s memory cache. These caches can be accessed by an attacker in…


What is the Titan M2 security chip in Google’s Pixel phones?



With the Pixel 6 series, Google began developing its in-house Tensor SoC. But that wasn’t the first time the search giant used a piece of custom silicon in its smartphones – the Pixel 2’s Pixel Visual Core was technically the first. One generation later, the company announced that Pixel 3 devices would include a hardware security module dubbed Titan M. Then, in 2021, Google followed it up with the Titan M2. The security chip has since become a selling point for Google phones like the Pixel 8 series.

So in this article, let’s take a closer look at the role of the Titan M2 in Pixel devices, how it works, and why it’s even necessary in the first place.

What is the Titan M2 chip all about?


Google’s Titan server chip (left) and first-generation Titan M security chip (right)

The Titan M2 is a dedicated security chip included in Pixel 6 and Pixel 7 series smartphones. You’ll also find it in some other Google products like the Pixel Tablet. Google designed the Titan M2 in-house so that it could exercise complete control over its feature set. The chip is based on the RISC-V CPU architecture and contains its own memory, RAM, and cryptographic accelerator.

The Titan M2 is one of the many measures Google has employed to improve smartphone security over the years. The company uses the chip in its Pixel phones to provide an additional layer of protection on top of Android’s default security measures.

Google designed the Titan M2 chip to augment Android’s default security measures.

Take Android’s mandatory full-disk encryption. On most devices, it relies on a security feature known as a Trusted Execution Environment (TEE), which is essentially the secure area of a processor. Android devices store their encryption keys within this secure area, which is in turn guarded with your pattern, PIN, or passcode. In other words, the TEE isolates cryptographic keys and never reveals them to the user or even the operating system.

Virtually all smartphone SoCs in this day and age have a TEE or similar secure environment. On Snapdragon chips, it’s commonly referred to as the Qualcomm Secure Execution Environment (QSEE). Apple’s Arm-based chips like the M1 have the Secure Enclave. With these…


Engineering faculty-researcher awarded grant to decrease computer chip vulnerabilities


Michael Zuzak, a faculty-researcher at Rochester Institute of Technology, is one of a growing field of engineers looking to improve computer chip security during manufacturing. Current solutions focus on securing specific regions of the chip design. This leaves the larger architecture vulnerable to compromise. Zuzak’s work to secure the entire chip could prevent piracy and help protect intellectual property.

“To get chips fabricated, you have to send the entire design to the manufacturer. Ultimately what we want to protect is what the company considers high value. We want to allocate security to more sensitive, unique parts of the system. The hope is that we will have the ability to prevent intellectual property theft during the entire semiconductor fabrication,” said Zuzak, an assistant professor of computer engineering in RIT’s Kate Gleason College of Engineering.

Zuzak received a two-year National Science Foundation grant to use the developmental practice of logic obfuscation to enable system-wide security during the manufacturing and testing of integrated circuits, also referred to as computer chips.

Global manufacturing companies mass produce integrated circuits. For fabrication, these companies are given extensive design files that can be counterfeited, pirated, or modified. This threatens “high-trust” applications such as healthcare and defense. Logic obfuscation was developed to mitigate threats. The proposed project will develop a design space modeling framework to automatically identify obfuscation configurations capable of system-wide security.

Zuzak is an expert in hardware security and methods to design and manufacture secure and reliable electronic systems. Hiding functionality during the production process is a way to ensure that the design cannot be modified or counterfeited.

“We’ve gotten very good at locking specific parts of the chip. What I am looking at is how we distribute obfuscation optimally throughout the full system to secure it as a whole rather than just specific modules within the chip,” said Zuzak, who is developing AI-driven algorithms to perform security assessments of the physical design that are resistant to…


China curbs exports of key computer chip materials


Gloved hand holding a microchip.


The Chinese government is tightening controls over exports of two key materials used to make computer chips.

From next month, special licenses will be needed to export gallium and germanium from China, which is the world’s biggest producer of the metals.

It comes after Washington’s efforts to curb Chinese access to some advanced microprocessors.

The announcement comes just days before a high-stakes trip to Beijing by US Treasury Secretary Janet Yellen.

On Monday, China’s Ministry of Commerce said the restrictions were needed to “safeguard national security and interests”.

The silvery metals are used in semiconductor, communications and military equipment. They are also key materials in products like solar panels.

Semiconductors, which power everything from mobile phones to military hardware, are at the centre of a bitter dispute between the world’s two largest economies.

The US has taken steps to restrict China’s access to technology it fears could be put to military use, such as chips used for supercomputing and artificial intelligence.

In October, Washington announced that it would require licences for companies exporting chips to China using US tools or software, no matter where they are made in the world.

The efforts have been joined by countries including the Netherlands and Japan.

Last week, the Netherlands announced that it would restrict exports of certain semiconductor manufacturing equipment.

This followed plans to restrict its “most advanced” microchip technology exports, which the Netherlands announced earlier this year.

The controls are expected to affect Dutch chip equipment maker ASML, a key player in the global microchip supply chain.

Meanwhile, Japan plans to restrict some of its computer-chip making exports.

The measures, which were announced in March, will affect 23 types of semiconductor manufacturing equipment.

China has frequently called the US a “tech hegemony” in response to export controls imposed by Washington.

In recent months, Beijing has imposed restrictions on US firms linked to the American military, such as aerospace company Lockheed Martin.

US Treasury Secretary Janet Yellen, who is due to make a four-day visit to…
