Nature.com posted an article describing that a hacking team around Vadim Makarov at the Norwegian University of Science and Technology in Trondheim have now cracked two commercial quantum cryptographic systems.Vadim Makarov said
Our hack gave 100% knowledge of the key, with zero disturbance to the system (..)
The Norwegian team attacked one system by ID Quantique (IDQ) based in Switzerland and another one by MagiQ Technologies from the U.S. It took two months to develop an unnoticable hack.
The Theory behind
Usually in cryptography the sender of a message is called “Alice”, the receiver is called “Bob”, and and evesdropper is named “Eve”. In quantum cryptography the message is consisting of photons. And according to the theory of quantum cryptography an evesdropper “Eve” trying to apply a man-in-the-middle attack leaves disturbances on the properties of the photons, sent by “Alice”, thus corrupting the message. But a corrupted message is easily detected by comparing parts of the message.
In Makarov and colleagues’ hack, Eve gets round this constraint by ‘blinding’ Bob’s detector — shining a continuous, 1-milliwatt laser at it. While Bob’s detector is thus disabled, Eve can then intercept Alice’s signal.
(..) That means that every time Eve intercepts a bit value of 1 from Alice, she can send a bright pulse to Bob, so that he also receives the correct signal, and is entirely unaware that his detector has been sabotaged. There is no mismatch between Eve and Bob’s readings because Eve sends Bob a classical signal, not a quantum one. As quantum cryptographic rules no longer apply, no alarm bells are triggered, says Makarov.
“We have exploited a purely technological loophole that turns a quantum cryptographic system into a classical system, without anyone noticing,” says Makarov.
Obviously notorious George Hotz has managed to get all 7 SPUs of the Playstation 3’s CPU under his control. This means although he cannot access the CPU’s root key, he now can decrypt everything that’s going thru these SPUs like datastreams of (encrypted) commercial games.
The PPU is higher on the control chain then the SPUs. Even if checks were to be added to, for example, verify the hypervisor before decrypting the kernel, with clever memory mappings you can hide your modified hypervisor.
In the meantime another hacker going under the nick XorLoser has released a more detailed manual of how to use GeoHot’s exploitation files and how to do the glitching.
Besides that XorLoser maintains a plugin for reverser’s beloved Interactive Disassembler (IDA) that contains special PPC instructions for Xbox360 and PS3.
Congratulations to GeoHot. Kudos fly out to XorLoser.