Microsoft’s new security chip Pluton is finally going to be tested

Read Time:3 Minute, 38 Second


Promotional image of the new laptop.

In November 2020, Microsoft launched Pluton, a security processor designed to prevent some of the most sophisticated types of hacker attacks. On Tuesday, AMD said it would integrate the chip into its upcoming Ryzen CPU for use in Lenovo’s ThinkPad Z series notebook computers.

Microsoft has used Pluton to protect Xbox Ones and Azure Sphere microcontrollers from attacks that involve a person’s physical access to open the device case and perform hardware hacking attacks that bypass security. This type of hacking is usually carried out by device owners who want to run unauthorized games or programs to cheat.

Now, Pluton is developing to protect PCs from malicious physical hackers designed to install malicious software or steal keys or other sensitive secrets. Although many systems already have trusted platform modules or protective measures (such as Intel’s Software Guard Extensions) to protect such data, these secrets are still vulnerable to many types of attacks.

One such physical attack involves placing wires, exploiting the connections between the TPM and other equipment components, and extracting secrets passed between machines. In August last year, researchers disclosed an attack that took only 30 minutes to extract the BitLocker key from a new Lenovo computer pre-configured to use full disk encryption, TPM, password-protected BIOS settings, and UEFI SecureBoot. Hacking attacks by sniffing the connection between the TPM and the CMOS chip show that locking the laptop with the latest defensive measures is not always sufficient.

A similar attack announced three months later showed that vulnerabilities in Intel CPUs (now fixed) can be used to undermine various security measures, including those provided by BitLocker, TPM, and anti-copy restrictions. The attacks known as Spectre and Meltdown have repeatedly emphasized the threat of malicious code extracting secrets directly from the CPU, even if the secrets are stored in Intel’s SGX.

A new method

Pluton aims to solve all these problems. It is directly integrated into the CPU chip, storing encryption keys and other secrets in a walled garden completely isolated from other system components. Microsoft said that even if an attacker installs malicious software or completely owns a PC, the data stored there cannot be deleted.

One of the measures that makes this possible is a unique secure hardware encryption key or SHACK. SHACK helps to ensure that the key is never exposed outside the protected hardware, even the Pluton firmware itself. Pluton will also be responsible for automatically providing firmware updates through Windows Update. By tightly integrating hardware and software, Microsoft hopes that Pluton can seamlessly install security patches as needed.

“If I manage the office IT department, I want people to run a verified version of Windows and office applications, and lock down other content as much as possible to prevent all kinds of malicious and unauthorized things,” hardware hacker Joseph Fitzpatrick ( Joseph FitzPatrick) said. A researcher specializing in firmware security on SecuringHardware.com. “Pluton is the hardware-driven approach to achieve this goal.”

Microsoft

He said Pluton will also prevent people from running software that has been modified without the developer’s permission.

“The advantage is that it makes the x86 system more secure and reliable by further enabling the walled garden approach,” FitzPatrick said. “The disadvantage is a typical complaint about walled gardens.”

From the beginning, TPMs had a fundamental limitation-they were never designed to withstand physical attacks. Over time, Microsoft and other companies began to use TPM as a more secure place to store BitLocker keys and similar secrets. This method is much better than storing the key on disk, but as the researchers have shown, it is far from enough.

Finally, Apple and Google introduced T2 and Titan chips to improve. These chips provide some guarantees against physical attacks, but both are basically fixed on existing systems. In contrast, Pluton is directly integrated into the CPU.

The security chip can be configured in any of the following three ways: as a device TPM, as a security processor used in non-TMP scenarios, such as platform flexibility, or as something that the PC manufacturer shuts down before shipment.

The ThinkPad Z series notebooks equipped with Pluton integrated Ryzen will start shipping in May.Microsoft said
ThinkPad Z13 and Z16 models that use Pluton as the TPM will help protect Windows Hello credentials by further isolating the attacker’s credentials.


go to see more here in tech news

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %
We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners. View more
Cookies settings
Accept
Decline
Privacy & Cookie policy
Privacy & Cookies policy
Cookie name Active

Who we are

Suggested text: Our website address is: https://updatednews24.com.

Comments

Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

Suggested text: If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Suggested text: Visitor comments may be checked through an automated spam detection service.
Save settings
Cookies settings