Christopher Tarnovsky

Last updated

Christopher Tarnovsky (born 20 April 1971, Nyack, New York) is an integrated circuit reverse engineering specialist or hacker who has come to public attention. [1]

Contents

Life and career

In the 1990s, Tarnovsky was a soldier in the United States army in the field of intelligence, security and cryptography. [2] From 1997 to 2007 he worked for NDS. He then started his own company, Flylogic, which he sold to IOActive in 2012. [3] Until 2014 Tarnovsky was vice president of semiconductor services at IOActive. [4] Tarnovsky has a diagnosis of attention deficit hyperactivity disorder, [2] which gives him the ability to "hyper-focus" on projects for hours at a time.

In 2001, DirecTV, a client of NDS, a company majority owned by Rupert Murdoch's Newscorp, demanded Tarnovsky be kept away from their systems. Plaintiffs DirecTV, Dish Network and Nagrastar alleged Tarnovsky was hacking the protections they placed on their set-top box smart cards which were used to lock transmission from customers who defaulted. [2] [5] [6]

From 1997 to 2007, Tarnovsky worked for NDS developing copy protection technology. [2] [7]

In 2002, Canal Plus, a French premium cable television commenced a civil action against NDS and Tarnovsky. Tarnovsky was alleged to have extracted the source code of a SECA card and then on 26 March 1999 uploaded it to a file sharing website. [8] A jury later largely cleared NDS and Tarnovsky. [2] [9]

In 2007, Tarnovsky was dismissed from NDS for copyright infringement while in their employ. Tarnovsky denies this accusation. [2]

Acts of hacking

In 2008, Tarnovsky broke into a Trusted Platform Module, a type of chip used in the Xbox 360 for example. [7] Tarnovsky required nine months of study to discover the main contents of the module. [10]

In 2010, at a Black Hat Washington DC conference, Tarnovsky described how he had used acid, an electron microscope and small conductive needles to hack the Infineon SLE66 CL PE chip. [11]

Related Research Articles

<span class="mw-page-title-main">Rupert Murdoch</span> Australian-born American business magnate (born 1931)

Keith Rupert Murdoch is an Australian-born American business magnate, investor, and media proprietor. Through his company News Corp, he is the owner of hundreds of local, national, and international publishing outlets around the world, including in the UK, in Australia, in the US, book publisher HarperCollins, and the television broadcasting channels Sky News Australia and Fox News. He was also the owner of Sky, 21st Century Fox, and the now-defunct News of the World. With a net worth of US$21.7 billion as of 2 March 2022, Murdoch is the 31st richest person in the United States and the 71st richest in the world according to Forbes magazine.

<span class="mw-page-title-main">ITV Digital</span> Former British subscription-based digital terrestrial TV service

ITV Digital was a British digital terrestrial television broadcaster which launched a pay-TV service on the world's first digital terrestrial television network. Its main shareholders were Carlton Communications plc and Granada plc, owners of multiple licences of the ITV network. Starting as ONdigital in 1998, the service was rebranded as ITV Digital in July 2001.

<span class="mw-page-title-main">Secure cryptoprocessor</span> Device used for encryption

A secure cryptoprocessor is a dedicated computer-on-a-chip or microprocessor for carrying out cryptographic operations, embedded in a packaging with multiple physical security measures, which give it a degree of tamper resistance. Unlike cryptographic processors that output decrypted data onto a bus in a secure environment, a secure cryptoprocessor does not output decrypted data or decrypted program instructions in an environment where security cannot always be maintained.

<span class="mw-page-title-main">Smart card</span> Pocket-sized card with embedded integrated circuits for identification or payment functions

A smart card (SC), chip card, or integrated circuit card, is a card used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit (IC) chip. Many smart cards include a pattern of metal contacts to electrically connect to the internal chip. Others are contactless, and some are both. Smart cards can provide personal identification, authentication, data storage, and application processing. Applications include identification, financial, public transit, computer security, schools, and healthcare. Smart cards may provide strong security authentication for single sign-on (SSO) within organizations. Numerous nations have deployed smart cards throughout their populations.

<span class="mw-page-title-main">News Corporation</span> American media company (1980–2013)

The original incarnation of News Corporation was an American multinational mass media corporation controlled by media mogul Rupert Murdoch and headquartered at 1211 Avenue of the Americas in New York City. Prior to its split in 2013, it was the world's largest media company in terms of total assets and the world's fourth largest media group in terms of revenue. It had become a media powerhouse since its inception, dominating the news, television, film, and print industries.

<span class="mw-page-title-main">News UK</span> British newspaper publisher

News Corp UK & Ireland Limited is a British newspaper publisher, and a wholly owned subsidiary of the American mass media conglomerate News Corp. It is the current publisher of The Times, The Sunday Times, and The Sun newspapers; its former publications include the Today, News of the World, and The London Paper newspapers. It was established in February 1981 under the name News International plc. In June 2002, the company name was changed to News International Limited, and on 31 May 2011, to NI Group Limited, and on 26 June 2013 to News UK.

<span class="mw-page-title-main">Infineon Technologies</span> Semiconductor manufacturing company

Infineon Technologies AG is Germany's largest semiconductor manufacturer. The company was spun-off from Siemens AG in 1999. Infineon has about 58,600 employees in 2023 and is one of the ten largest semiconductor manufacturers worldwide. In 2023 the company achieved sales of €16.309 billion.

Cisco Videoscape was a majority owned subsidiary of News Corp, which develops software for the pay TV industry. NDS Group was established in 1988 as an Israeli start up company. It was acquired by Cisco in 2012 before being sold back to the private equity company Permira in 2018 for US$1 billion. The company is currently headquartered in Staines, United Kingdom.

<span class="mw-page-title-main">MIFARE</span> Brand of smart and proximity cards

MIFARE is a series of integrated circuit (IC) chips used in contactless smart cards and proximity cards.

Pirate decryption is the decryption, or decoding, of pay TV or pay radio signals without permission from the original broadcaster. The term "pirate" is used in the sense of copyright infringement. The MPAA and other groups which lobby in favour of intellectual property regulations have labelled such decryption as "signal theft" even though there is no direct tangible loss on the part of the original broadcaster, arguing that losing out on a potential chance to profit from a consumer's subscription fees counts as a loss of actual profit.

News Corp Australia is an Australian media conglomerate and wholly owned subsidiary of the American News Corp.

VideoGuard, produced by NDS, is a digital encryption system for use with conditional access television broadcasting. It is used on digital satellite television systems - some of which are operated by News Corporation, which owned about half (49%) of NDS until its sale to Cisco in 2012. Since 2018 VideoGuard is improved and maintained by Synamedia. Its two most widely used implementations are Sky in the United Kingdom and Ireland and DirecTV in the United States, the former of which launched the digital version of the system in 1998.

Television encryption, often referred to as scrambling, is encryption used to control access to pay television services, usually cable, satellite, or Internet Protocol television (IPTV) services.

<span class="mw-page-title-main">Trusted Platform Module</span> Standard for secure cryptoprocessors

Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, a dedicated microcontroller designed to secure hardware through integrated cryptographic keys. The term can also refer to a chip conforming to the standard ISO/IEC 11889. Common uses are to verify platform integrity, and to store disk encryption keys.

<span class="mw-page-title-main">Hardware security module</span> Physical computing device

A hardware security module (HSM) is a physical computing device that safeguards and manages secrets, performs encryption and decryption functions for digital signatures, strong authentication and other cryptographic functions. These modules traditionally come in the form of a plug-in card or an external device that attaches directly to a computer or network server. A hardware security module contains one or more secure cryptoprocessor chips.

<span class="mw-page-title-main">BitLocker</span> Disk encryption software for Microsoft Windows

BitLocker is a full volume encryption feature included with Microsoft Windows versions starting with Windows Vista. It is designed to protect data by providing encryption for entire volumes. By default, it uses the Advanced Encryption Standard (AES) algorithm in cipher block chaining (CBC) or "xor–encrypt–xor (XEX)-based Tweaked codebook mode with ciphertext Stealing" (XTS) mode with a 128-bit or 256-bit key. CBC is not used over the whole disk; it is applied to each individual sector.

<span class="mw-page-title-main">Downloadable Conditional Access System</span>

Downloadable Conditional Access System or DCAS was a proposal advanced by CableLabs for secure software download of a specific Conditional Access client which controls digital rights management (DRM) into an OCAP-compliant host consumer media device. The National Cable & Telecommunications Association (NCTA) proposed that DCAS be used as a substitute for physical CableCARDs, a standard also created by CableLabs for which products began appearing in August 2004 as part of industry compliance to the FCC mandate, which in turn is pursuant to the Telecommunications Act of 1996. DCAS is growing in popularity as a less expensive alternative for CableCARD, with major North American operator deployments from Cablevision and Charter. DCAS deployments can be expected to grow in the coming years, thanks to favorable regulatory view from the STELA Reauthorization Act of 2014 and FCC appointing a Downloadable Security Technical Advisory Committee, and wider support for key ladder (K-LAD) functionality from system-on-chip (SoC) vendors and set-top box manufacturers.

In mid-2011, out of a series of investigations following up the News of the World royal phone hacking scandal of 2005–2007, a series of related scandals developed surrounding other News Corporation properties—where initially the scandal appeared contained to a single journalist at the News of the World, investigations eventually revealed a much wider pattern of wrongdoing. This led to the closure of the News of the World on 10 July 2011, an apology by Rupert Murdoch in an advertisement in most British national newspapers, and the withdrawing of News Corporation's bid to take over the majority of BSkyB shares it did not own.

Hardware backdoors are backdoors in hardware, such as code inside hardware or firmware of computer chips. The backdoors may be directly implemented as hardware Trojans in the integrated circuit.

The ROCA vulnerability is a cryptographic weakness that allows the private key of a key pair to be recovered from the public key in keys generated by devices with the vulnerability. "ROCA" is an acronym for "Return of Coppersmith's attack". The vulnerability has been given the identifier CVE-2017-15361.

References

  1. Chenoweth N. Rupert Murdoch: The Untold Story of the World's Greatest Media Wizard. Crown Business 12 November 2002. p. 353. ISBN   978-0609610381.
  2. 1 2 3 4 5 6 Zetter K. From the Eye of a Legal Storm, Murdoch's Satellite-TV Hacker Tells All. Wired.com San Diego. 30 May 2008. Accessed 30 September 2015.
  3. Tarnovsky, Christopher (2019-06-14). "Sophisticated million dollar hack to discover weaknesses in a series of smartcards affecting millions". Hardwear.io. Retrieved 2020-10-16.
  4. Talbot D. “Tamper-Proof” Chips, with Some Work, Might Give Up Their Secrets. MIT Technology Review 11 September 2013. Accessed 30 September 2015.
  5. Chenoweth N. Cash in News budget for police informants. The Australian Financial Review. 4 April 2012. Accessed 26 April 2012.
  6. Gardner E. Rupert Murdoch's $1 Billion Hacking Scandal You Haven't Heard About. Hollywood Reporter. 18 July 2011. Accessed 29 September 2015.
  7. 1 2 Everett D. What the silicon manufacturer has put together let no man put asunder. Smartcard.co.uk March 2010. Accessed 29 September 2015.
  8. Chenoweth N. Murdoch's inside job. The Australian Financial Review. 31 March 2012. Accessed 26 April 2012.
  9. Vivendi settles row with NDS. The Guardian 2 May 2003. Accessed 26 April 2012.
  10. Van Tilborg H. (ed.) Christopher Tarnovsky. Encyclopedia of Cryptography and Security, Springer, 10 August 2005. ISBN   978-0387234731 Accessed 26 April 2012.
  11. Stevens T. Christopher Tarnovsky hacks Infineon's 'unhackable' chip, we prepare for false-advertising litigation. Engadget.com 12 February 2010.