Data and security leaders will seek answers to the two reported vulnerabilities in the Trusted Platform Module (TPM) 2.0 specification. The TPM 2.0 flaws could let hackers steal cryptographic keys. TPM is a technology that provides secure cryptographic functions to operating systems using hardware. It can store sensitive data such as cryptographic keys and passwords, so any weakness in its implementation can cause concern.
The TPM vulnerabilities put billions of devices and a high volume of sensitive data at risk.
If exploited, attackers could get their hands on your sensitive data, like cryptographic keys. These vulnerabilities require authenticated local access, meaning malware present on devices poses a threat too.
Current Advisory
Limit physical access to your device to trusted users, only use signed applications from reputable vendors, and apply firmware updates as soon as they become available. The vulnerabilities happen when the TPM specification handles parameters for specific commands. To address this, impacted vendors should move to a fixed version of the specification, which includes one of the following:
- TMP 2.0 v1.59 Errata version 1.4 or higher
- TMP 2.0 v1.38 Errata version 1.13 or higher
- TMP 2.0 v1.16 Errata version 1.6 or higher
Lenovo is the only major OEM with a security advisory about the two TPM flaws.
Anthony Spadafora. Tom’s Guide: Billions of PCs and other devices vulnerable to newly discovered TPM 2.0 flaws, March 2023
What about Machine Learning Data?
The situation is much worse for data used for Machine Learning (ML) in enterprises.
Today’s current infrastructure cannot encrypt data during ML training and inference.
The current infrastructure cannot encrypt data during ML training and inference. Such a breach, in which passwords are compromised, can potentially affect confidential computing or other hardware-based solutions. Enterprises need an additional layer of protection for sensitive data.
Protopia AI’s Stained Glass Transform™ provides this added protection by allowing enterprises to extract ML insights from their data while protecting sensitive information. This privacy-enhancing technology generates a Randomized Re-Representation of the data that is only understandable to the specific ML task, ensuring data security. Even if data is compromised, a malicious actor would not see plaintext data but Randomized Re-Representations, which mean nothing to them.
[With Stained Glass] even if data is compromised, a malicious actor would not see plaintext data but Randomized Re-Representations, which mean nothing to them.
Protopia AI is a software solution compatible with any data type and can be used on the cloud, on-prem, or on edge. It is being utilized by the US Navy and financial institutions to enable diverse stakeholders to access and share data with confidential information.
Remember, protect your devices and data. Use anti-malware and ML data software to keep those attacks at bay.