New Flaws in TPM 2.0 Library Pose Threat to Billions of IoT and Enterprise Devices

2023-03-03 10:18

"These vulnerabilities can be triggered from user-mode applications by sending malicious commands to a TPM 2.0 whose firmware is based on an affected TCG reference implementation," the Trusted Computing Group said in an advisory.

Large tech vendors, organizations using enterprise computers, servers, IoT devices, and embedded systems that include a TPM can be impacted by the flaws, Quarkslab noted, adding they "Could affect billions of devices."

TPM is a hardware-based solution that's designed to provide secure cryptographic functions and physical security mechanisms to resist tampering efforts.

"The most common TPM functions are used for system integrity measurements and for key creation and use," Microsoft says in its documentation.

"During the boot process of a system, the boot code that is loaded can be measured and recorded in the TPM.".

"Users in high-assurance computing environments should consider using TPM Remote Attestation to detect any changes to devices and ensure their TPM is tamper proofed," the CERT Coordination Center said in an alert.

News URL

https://thehackernews.com/2023/03/new-flaws-in-tpm-20-library-pose-threat.html

#IOT #threat