Saturday, June 30, 2007

Black Hat Talk on TPM & BitLocker Hacking Pulled

Via ComputerWorld -

June 28, 2007 (Network World) -- A presentation scheduled for Black Hat USA 2007 that promised to undermine chip-based desktop and laptop security has been suddenly withdrawn without explanation.

The briefing, "TPMkit: Breaking the Legend of [Trusted Computing Group's Trusted Platform Module] and Vista (BitLocker)," promised to show how computer security based on trusted platform module (TPM) hardware could be circumvented.

"We will be demonstrating how to break TPM," Nitin and Vipin Kumar said in their abstract for their talk that was posted on the Black Hat site but was removed overnight Monday.
"The demonstration would include a few live demonstrations. For example, one demonstration will show how to login and access data on a
Windows Vista System (which has TPM + BitLocker enabled)," the abstract said.

BitLocker is disk-encryption technology in Microsoft's Vista operating system that relies on TPM to store keys.

In an e-mail, Vipin Kumar says, "We have pulled back our presentation from ... Black Hat. So, we won't be presenting anything related to TPM/BitLocker in Black Hat. ... We would not like to say anything about the TPM/BitLocker for the time being." He didn't respond to inquiries about why the brothers withdrew.

A spokesman for the conference was unable to offer more information. "At their request, they are no longer presenting. That is all the info I have," said the spokesman, Nico Sell, in an e-mail.

The conference brings together technically savvy security experts from business, government and the hacking community to discuss the latest security technologies. Frequently, Black Hat briefings become controversial because they point out previously unknown weaknesses in products or technologies.

The Kumars' promised exploit would be a chink in the armor of hardware-based system integrity that TPM is designed to ensure.

No comments:

Post a Comment