Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Tuesday, August 02, 2005

Apple adopts controversial security chip

Developer preview models of Apple’s new Intel powered computer contains a security chip that has been criticised for privacy risks.  Apple recently started shipping its Developer Transition Kits that help developers test and prepare their software to the switch to the new Intel powered Apple computers next year.  The kit contains a version of OS X for Intel and a Mac computer featuring the new processor.

The computer that ships in the kit features a security chip called the Trusted Platform Module (TPM).  The TPM is an open industry standard governed by the Trusted Computing Group, a non-profit organisation which develops security standards.  Apple did not respond to questions about the TPM in time for this story’s posting.

The chips inclusion with the new Apple hardware doesn’t come as a complete surprise.  It has been previously suggested that Apple could use the TPM to prevent that computer users install the OS X operating system on a non-Mac PC such as a models made by Dell or HP.

“The TPM is going to be the barrier for moving the Macintosh software to any PC,” Martin Reynolds, a research fellow with analyst firm Gartner told  Each TPM chip contains an encrypted serial number that allows the operating system to verify if it’s running on Apple made hardware.  Hackers in theory could forge the serial number, said Reynolds, fooling the software into believing that its running on Mac hardware even when it isn’t.

The security chips currently are included with some PCs for the enterprise market from IBM/Lenovo and HP.  They use the TPM to security store passwords or encrypt data.

The upcoming Windows Vista relies on the TPM for a technology dubbed Secure Startup, which blocks access to the computer if the content of the hard drive is compromised.  This prevents a laptop thief from swapping out the hard drive, or booting the system from a floppy disk to circumvent security features. 

In the future software developers could also use the chip as an anti piracy device, Reynolds suggested.  The vendor then would link the TPM identification number to the software registration key.  But the TPM has also gained notoriety because it is seen as a way to invade the user’s privacy.  The identifying number build into the chip can be used to limit the fair use of digital media by enforcing digital rights management technologies, or could track users online.  The fear of such scenarios however is overstated, said Reynolds.  Privacy infringing schemes are uncovered sooner or later at great expense to the computer maker.  “There are things that manufacturers could do with the TPM that is very much against the interest of the user.  But in practice, the manufactures have found that it is best not to do that.”

Posted on 08/02