Web Security Blog

XBox Security Hardware Chip Hacked

whatevergoeson — Mon, 08 Mar 2010 01:11:22 +0000

An Infineon-based chip that Microsoft uses to ensure licensing compliance on XBox third-party manufacturers has recently been hacked.

According to The Record,

The attack by the former US Army computer-security specialist is notable because it goes where no hacker has gone before: into the widely used Infineon SLE 66PE, a microcontroller that carries the TPM, or Trusted Platform Module (http://www.trustedcomputinggroup.org/certification/tpm_certification) designation of security. The hack means he can access sensitive data and algorithms locked away in the chip’s digital vault and even make counterfeit clones that could fool the many devices that rely on it.

“I can get inside this chip without killing it and I can get through all the security countermeasures it has in place, physical and in software,” Tarnovsky, who is principal engineer for Flylogic, told The Register in an interview that covered many of the behind-the-scenes elements of the hack.

Its genesis came when Tarnovsky learned that manufacturers of video game controllers had to obtain a license from Microsoft for the peripherals to work on the Xbox 360. The requirement offended his sense of fair play, so he put his reverse engineering muscle to breaking it.

“I was very surprised they would put a security chip in a wired controller, as well as a wireless controller,” he said. “It’s very monopolistic what they’ve done. They have a right to do it, but I have a right to break it too.”

After dissecting a controller, he found that the chip that allowed it to communicate with the Xbox was made by Infineon. He eventually purchased dozens of related microcontrollers on the Hong Kong surplus market for 15 cents apiece.

He then employed an electron microscope called a focused ion beam workstation (price tag $250,000 used) that allowed him to view the chip in the nanometer scale so he could manipulate its individual wires using microscopic needles.

It took Tarnovsky four months to develop techniques for probing the chip and another two months to apply them to breaking the 66PE.

What he found was a chip that was locked down with multiple levels of defenses. Optical sensors, for instance, were designed to detect ambient light from luminous sources. And a wire mesh that covered the microcontroller was aimed at disabling the chip should any of its electrical circuits be disturbed.

“One wrong move and I vaporize a track on the chip,” Tarnovsky said.

Indeed, some 50 of the chips were vaporized in the course of the hack. But over time, he learned how to use the needles to penetrate the chip’s inner recesses so he could tap sensitive data that remains unencrypted so it can be processed.

Using the tungsten as microscopic bridges, Tarnovsky said, he can digitally clone chips used to prevent piracy of satellite TV service, to disable unauthorized cartridges in printers – or to make Xbox game controllers.

“You could counterfeit this chip,” he said, although he stressed he had no plans to use the hack for illegal purposes.

In a statement sent to Infineon customers last week, the company noted the time and expense required for Tarnovsky to crack the chip. But the company went on to say it was a sign of attacks to come and said engineers were already working on a more secure successor to the 66PE.

“In contrast to conventional solutions, the SLE 78 family now utilizes encryption even in the CPU itself, leaving no plaintext for the attacker,” the release stated. “Technical advances of that scale are only possible if the CPU itself is designed ‘from the scratch’ by the hardware manufacturer with security in mind, right from the beginning.”

The physical attack on the 66PE is similar to hacks cryptographers have recently waged on proprietary encryption algorithms in cordless phones(http://www.theregister.co.uk/2010/02/08/dect_phone_encryption_cracked/) and the world’s most popular smartcard (http://www.theregister.co.uk/2008/03/12/mifare_classic_smartcard_crack/). In all of them, the secret formula was lifted after sanding down the chips’ silicon and examining its circuitry using an electron or optical microscope.

“More and more things are moving to hardware, and as things move to hardware, people are analyzing these devices and getting the algorithms out and putting them back in the software,” Tarnovsky said.

While the risks of physical attacks are in many cases inevitable, he said the cracking of the 66PE was aided by its abundant supply on international surplus markets, which is something Infineon may want to consider as it readies its new generation of ultra-secure microcontrollers.

“If this is supposed to be such a secure device and it’s common-criteria certified (http://www.commoncriteriaportal.org/thecc.html), why are they available on the used surplus market?” he said. “This device should not have been readily available for a researcher like me.” ® >>

Top technology and security trends for 2010

whatevergoeson — Sun, 31 Jan 2010 20:30:12 +0000

A recent article in Baseline magazine talks about the 10 technology trends predicted for 2010.

http://www.baselinemag.com/c/a/IT-Management/10-Trends-for-2010-Piecing-Together-a-Technology-Strategy-190963/

Security is ranked at number 7 in terms of concerns but not in terms of spending. Thus, over 70 percent of the surveyed companies expect little or no further investment in security, in an environment in which security risks are estimated to be on an exponential increase. According to statistics by Association for Computer Operations Management (AFCOM), 20 percent of data centers don’t even have time to screen employees. The lack of spending is justified partly by the recessionary environment, and partly by an reactive attitude when things aren’t taken seriously until disaster strikes. Security is, in that area, similar to other fields of IT.

Another, more detailed, look into this subfield is provided by an article in InfoWorld that looks at the top security predictions for 2010.

http://www.infoworld.com/t/business/top-security-predictions-2010-523?source=rss_infoworld_news

This time, the study finds a slight overall increase (10%) in funding allocated to security as one of the top trends.

New compliance measures driven by government regulation is another trend that is sure to happen, given the recent financial meltdown.

Mobile security will become worse, as the number of mobile devices proliferate. The recent announced introduction of the Apple iPad tablet is just one of the major mobile events that we are seeing, that expand the reach of mobile devices.

As cloud computing becomes more widely adopted, it will likely see significant enhacements this year such as encryption and possible “pay per minute” security features from cloud providers such as Amazon EC2.

Desktop Virtualization appears as the 6th trend, as employers start consolidating desktop environments into virtual machines that can be more easily managed and controlled.

Government pressure on individuals to provide confidential details is seen as the seventh prevailing trend for 2010.

The death of the nationwide identity (Real ID) concept is predicted and ranked at number 8 due to the serious security risks such a system would entail which will only become more obvious.

Hackers Network Led to Losses in the “Tens of Millions”

whatevergoeson — Fri, 22 Jan 2010 21:02:23 +0000

A couple of news sources reported recently on the apprehension of hackers behind a 2000+ member hackers forum that went by the name DarkMarket

According to http://www.scmagazineus.com/darkmarket-mastermind-pleads-guilty/article/161483/

“A Sri Lankan man living in London admitted this week to being the mastermind behind the online hacker forum DarkMarket, which has been called one of the most nefarious criminal websites in the world. [...]

The cases resulted from an international investigation involving the FBI, the U.S. Secret Service and SOCA, and has been heralded as one of the biggest anti-cybercrime success stories to date, resulting in more than 60 arrests worldwide.”

According to the financial times:

“DarkMarket was set up by Mr Subramaniam and others in late 2005 as a private online community where trusted members could sell credit card and bank account details in the same way as legal goods are traded on auction sites such as Ebay. The US Federal Bureau of Investigation and the UK’s Serious Organised Crime Agency estimate the information sold by the forum’s 2,000 criminal members led to losses of tens of millions of pounds for banks and individuals.”

One thing people should be aware of is that, while this is one of the most publicized cases, many similar underground forums exists. Online fraud is estimated to cost the world over 75 billion dollars per year. Seeing the tip of the iceberg helps to bring awareness to businesses about the importance of information security.