Christopher Tarnovsky hacks Infineon's 'unhackable' chip, we prepare for false-advertising litigation
By Tim Stevens 
posted February 12th 2010 10:31AM
posted February 12th 2010 10:31AM
posted February 12th 2010 10:31AM
A look back on popular stories from today in a specific year.
Now that we've thrown 'em off the trail, use the form below to get in touch with the people at Engadget. Please fill in all of the required fields because they're required.
IMHO anyone who advertises any hardware or software product as being "unhackable" is being completely and 100% unethical.
As crazy as it may sound for a tech-savvy person, people actually buy into those kinds of claims and base purchasing decisions on it.
@DoctarPeppar
They should call this the 'Titanic' chip. It's completely unhackable! Unless you hit it right...about...there! Then it's completely hackable.
@DoctarPeppar
When will companies learn that labeling it "unhackable" makes it a goal for hackers?
If they would have said "Really really hard to hack" nobody would give a rat's ass.
@DoctarPeppar
IMHO when you start making marketing hyperbole as tech claims you piss some really really smart people. Why would you want to do that ? Just say extremely difficult or heck even a robust and you would be fine.
But when you say unhackable you are just inviting trouble.
@Erb I actually think the fact that their "impossible" claim got people to actually try to hack it was a good thing for them, since it shows that it's damned near impossible to hack it unless you have serious resources at your disposal. I think if it's down to the point where we're talking about having to use electron microscopes and acid to get access it's no longer a problem about hackability so much as how good the security is where your chip is located.
@tekdemon
Yes but unhackable means unhackable -- as in cannot be hacked no matter what. It's an absolute term. I don't care if it takes 10 years and 500 electron microscopes combined with red mercury :P Either it can be hacked or it can't, and AFAIK -- Nothing is "unhackable"
Its made in China. What do you expect?
@liamdevlin
What does manufacturing have to do with the engineering behind it?
@liamdevlin
It to be better than anything the west can produce?
@paul34 Reverse engineering, something that the Chinese and Japanese have a history of doing. Given enough pieces of the puzzle you can start to figure out how things work and replicate them. Where do you think all the KIRF stuff comes from? And its not like engineer samples don't go missing.
@liamdevlin If I had to throw away everything I have thats made in China, I wouldn't be able to make this post.
@Ducman69 PS: And its not because I'm chinese. Just felt the need to clarify. :D
So if they can claim that being hacked once means it's unhackable I should be able to claim that I'm immortal.
@jsl4980
you... you already died once?
@paul34 I figure get up to one failures and can keep the title.
@jsl4980
THERE CAN BE ONLY ONE!!!
They can make it unhackable, but that doesn't mean we ain't gonna hack it.
(or whatever that quote was)
@Nitesh
Bioshock I believe.
I understand an NES emulator for it is already in the works.
Someone send him some cash to 'reverse engineer' his old employers conditional access cards. Those have been the closest things to unhackable this century.
I bet that voids the warranty.
What a beast this guy is!
Infineon is whistling in the dark. Once you do this hack, if there's enough financial incentive, than all you have to do is copy the entire chip, but with your hack installed. Then all you have to do is swap the chip. Given the skill level of chip counterfeiters these days, I'd say the door is pretty much wide open.
Isn't this the same guy who blew the doors off Dish Network?
It is unhackable using only software methods - you have to physically get inside the chip (not easy) and once you do that, they keys you do uncover are only good for that specific chip. So is it unhackable? Not in the literal sense, but people aren't going to be breaking into their xbox using the methods the hacker used.
If all computers were as hackable as this device, there would be virtually no hacking going on, as you would have to be able to take apart the hardware. Kind of tough to do that on a server that you don't have access to.
@kgsbca
I agree with you.
However, though people may not be using the same method he used to "hack" into the chip, this may lead to methods that can extract the embedded code, or bypass it completely.
So while you may not be able to "hack" your own chip using software methods, if you can bypass the functions of the chip or extract what you need, then the original purpose of the chip is defeated.
@jbondsr I believe that every one of these chips has a unique key, so even if you go to all the trouble of carefully breaking into the chip without destroying it, and then probe the chip with very expensive equipment, you will only get the key for that chip. I don't believe the information extracted from that module will be of any value for beaking into other modules. I suppose it's possible the chip mfr was lazy and didn't implement the uniqueness correctly, but it is possible to design hardware so that physical access is required for each device that you want to break into.
He puts the chip in acid....then uses rust remover to take off the mesh...and then uses micro probes, avoiding the traps built into the chip. You're stuff is not going to get hacked, unless you matter.
the man in action
http://www.youtube.com/watch?v=tnY7UVyaFiQ&feature=player_embedded