August 29, 2020

1023 words 5 mins read

What is the Microsoft Pluton security processor?

What is the Microsoft Pluton security processor?

Microsoft Pluton is a new type of secure processor that promises to revolutionise PC security by housing sensitive data inside the chip. This approach deviates markedly from existing processor architecture, which normally forces the CPU to communicate with a separate trusted platform module (TPM), which stores sensitive data such as encryption keys and critical system information. As cyber securit

y threats have become more sophisticated, hackers have started to target the TPM, something which has led to an explosion in the number of potential attack vectors. SEE MORE Microsoft aims to simplify security portfolio with Defender rebrand SEE MORE Microsoft offers hackers $100K to break Azure Sphere SEE MORE Microsoft partners with device and chip makers on ‘secured-core’ PCs Pluton is designed to address this vulnerability by effectively removing this channel of communication and instead hosting this sensitive information inside the chip. Microsoft claims this makes it impossible to lift things like encryption keys from the hardware, regardless of the type of attack used. Following a collaboration between Microsoft, AMD, Intel, and Qualcomm, work on the chip was first announced on 17 November 2020, building on a previous iteration that powered the Xbox One. How does Microsoft Pluton work? On most PCs today, operating system security is largely handled by the trusted platform module (TPM). This separate hardware component that stores encryption keys and has been a mainstay in computing for more than a decade. Today it’s used to support Windows security programmes like Hello and BitLocker. The CPU needs to communicate with the TPM, usually across a bus interface, in order for this information to be shared. However, this communication channel also exposes this information to the outside world, something which is frequently being targeted and exploited by hackers in order to lift sensitive data as it moves. Pluton attempts to solve this by removing this communication channel altogether. Instead, the CPU emulates a TPM onboard the chip, complete with the same specs and APIs, and while still being able to support the same security features that Windows users have come to know. Data such as encryption keys, user biometric data, and account credentials can all be stored directly on the Pluton processor, which are effectively isolated. Secure Hardware Cryptography Key (SHACK) technology is also used to encrypt the data it holds, adding an additional layer of security. Hackers would be unable to extract this data as a result, even if they have malware installed or physical access to the machine, according to Microsoft. When will Pluton processors be released? The Pluton architecture is expected to feature in a future range of chips designed by AMD, Intel, and Qualcomm. No release date has been given.

Date: 2020-11-17

URL: http://feeds.itpro.co.uk/~r/ITPro/Today/~3/0kXWZqwtk0U/what-is-the-microsoft-pluton-security-processor

itpro.co.uk

Biden team signals president-elect may target Section 230 and data privacy (2020-12-04) A senior technology advisor to Joe Biden yesterday signaled that the President-elect is interested in changing Section 230 a key law protecting social media companies from legal liability Bruce Reed who also advised Biden on technology during his vice presidency made the announcement during the online launch of the book Which Side of History? How Technology is Reshaping Democracy and Our Lives in ..
Microsoft Defender for Identity can now detect Zerologon exploits (2020-12-01) Microsoft has updated its Microsoft Defender for Identity programme to detect Zerologon exploits enabling SecOps teams to detect attacks using this vulnerability The Zerologon flaw is authentication bypass flaw in the Netlogon Remote Protocol MS-NRPC that allows an attack against Microsoft Active Directory domain controllers making it possible for a hacker to impersonate any computer including the..
Zoostorm Ryzen 5 Pro 4650G review gallery (2020-11-12) A secure office desktop
Zoom tackles ‘Zoom-bombing’ with new security features (2020-11-17) Video conferencing service Zoom has added a set of security features to help users combat Zoom-bombing attacks The new controls will help account holders remove unwanted guests and also spot if their meetings ID number has been shared online SEE MORE Twitter hackers virtual trial zoom bombed after ID leak SEE MORE Zoom review: Are we alone now? SEE MORE Zoom settles with the FTC over deceptive enc..
Nokia: 5G is 90% more energy efficient than 4G (2020-12-03) 5G networks are up to 90% more efficient than 4G networks according to a new study conducted by Nokia and Telefonica The findings are based on a three-month study of Radio Access Network RAN power consumption in Telefonicas network using Nokias AirScale Base Stations and AirScale Massive MIMO Active Antenna solutions Both companies are committed to limiting global warming to 15C The research concl.. Nokia: 5G is 90% more energy efficient than 4G
350,000 Spotify users hacked in credential stuffing attack (2020-11-24) Hackers have accessed as many as 350000 Spotify user accounts as part of a credential-stuffing attack and have doneso without having to crack Spotifys system According to security researchers at vpnMentor the attacks were successful because hackers reused login credentials from previous data breaches The hackers simply needed to try various username and password variations on Spotify which is know..
Microsoft Surface Laptop Go review gallery (2020-11-03) The Surface Laptop Go shaves some weight cost and features off the core Surface Laptop design
Using technology to keep intruders out and data safe (2020-11-06) Noble Group CISO Shane Read has spent the past five years helping his company recover from a cyber security incident that had an enormous impact on the business A rogue insider wiped billions off the companys value in 2015 through unauthorised exfiltration of data from the company The share price of what was once a 5000-strong company collapsed and the companys value dropped from $12 billion to ar..
Google Pixelbook Go review gallery (2020-12-02) This first-party Chromebook is a slice of budget-friendly brilliance
Webinar: Embracing Managed Services (2020-11-18) The role of managed services providers MSPs should never be underestimated both now and in the future Despite the events of 2020 so far MSPs play and will continue to play a key role in helping businesses of all sizes continue with both business as normal and their on-going digital transformation efforts Watch our webinar now available on-demandbrought to you by Channel Pro and IT Pro in associati..