Tag Archives: Compromise

[News] Quantum Cryptography Compromised

Nature.com posted an article describing that a hacking team around Vadim Makarov at the Norwegian University of Science and Technology in Trondheim have now cracked two commercial quantum cryptographic systems.Vadim Makarov said

Our hack gave 100% knowledge of the key, with zero disturbance to the system (..)

The Norwegian team attacked one system by ID Quantique (IDQ) based in Switzerland and another one by MagiQ Technologies from the U.S. It took two months to develop an unnoticable hack.

The Theory behind

Usually in cryptography the sender of a message is called “Alice”, the receiver is called “Bob”, and and evesdropper is named “Eve”. In quantum cryptography the message is consisting of photons. And according to the theory of quantum cryptography an evesdropper “Eve” trying to apply a man-in-the-middle attack leaves disturbances on the properties of the photons, sent by “Alice”, thus corrupting the message. But a corrupted message is easily detected by comparing parts of the message.

In Makarov and colleagues’ hack, Eve gets round this constraint by ‘blinding’ Bob’s detector — shining a continuous, 1-milliwatt laser at it. While Bob’s detector is thus disabled, Eve can then intercept Alice’s signal.
(..) That means that every time Eve intercepts a bit value of 1 from Alice, she can send a bright pulse to Bob, so that he also receives the correct signal, and is entirely unaware that his detector has been sabotaged. There is no mismatch between Eve and Bob’s readings because Eve sends Bob a classical signal, not a quantum one. As quantum cryptographic rules no longer apply, no alarm bells are triggered, says Makarov.

“We have exploited a purely technological loophole that turns a quantum cryptographic system into a classical system, without anyone noticing,” says Makarov.

Enjoy the whole article on Nature.com

[Security] Tarnovsky Explains Infineon TPM Hack

On the Black Hat 2010 conference in Crystal City notorious smart card hacker Christopher Tarnovsky explained how he managed to hack current Trusted Platform Modules by Infineon.

This time Tarnovsky managed to read secured data from TPM chips like RSA and DES crypto keys. His approach took six months and a lab consisting of devices for about US$ 200,000. After having found out the exacty way to compromise Infineon’s chips it took only six hours to compromise an XBox 360’s TPM chip.

On the Black Hat 2008 in Amsterdam Tarnovsky said he was offered US$ 100,000 to crack the Xbox 360’s TPM:

A Microsoft engineer is wondering: “Did you take an interest in the processor of our Xbox360 game console?” – “I was offered 100’000 dollars to break it”, says Tarnovsky. “But I replied that that wasn’t enough.”

For people generally interested in approaching smart card security check this article with a video Wired.com featuring Tarnovsky in his security lab.

[DVB] Premiere/Sky Nagravision or NDS Videoguard Hack?

What happened so far?

The forums and news sites are again full of coverage about a hack of the german Pay-TV channel Premiere (forthcoming name: Sky Germany). As we already stated in april, 2009 this is a hoax. There are no evidences or proofs whatsoever. Anyway you’d better read on, why we believe searching for a hack is useless.

Continue reading

[MacOS] Critical Safari and Firefox Java Exploit


Landon Fuller reports that an almost six months old Java exploit has still not been fixed for Mac OS X. The exploit allows to compromise the Java sandbox in order to break out and run commands with the permissions of the executing user.


This issue is classified as serious as Java applets containing malicious code may be executed just by visiting a web page. Ladon Fuller says an illegal exploit is available in the wild. He prepared a proof of concept exploit that will make your Mac OS X computer say “I am executing in a user process“.

Applies to

The exploit aswell applies to Intel as to PowerPC based Mac OS X systems running Safari or Firefox.

More information

Some more background information and workarounds may be found on Fuller’s site.