The past few days have not been particularly good ones for the technology community. First, we learned that the aging WPA2 protocol has a flaw in its four-way handshake (the key reinstallation attacks, or KRACK) that affects almost every one of its implementations. (Thankfully, patches are already available for many platforms and devices.)
Now, however, we have a far more consequential disclosure: a “trusted platform module” (TPM) whose keys cannot be trusted. Sigh.
This will require firmware updates for all the affected hardware, which dates from 2012 onward: “Infineon security chips manufactured from 2012 onwards, including the latest versions, are all vulnerable.” The firmware update alone is not the whole fix, though: the defect is in the RSA key-generation routine, so every RSA key the old firmware produced remains weak until it is regenerated on patched firmware, and any certificates or credentials built on those keys need to be reissued.
This is even more impactful than the WiFi vulnerability. The WPA2 attack needs an adversary within radio range; here the private key can be recovered from the public key alone, and the affected population includes authentication tokens and smartcards, where generating a fresh RSA key on an unpatched device simply produces another weak key.
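The flaw behind this disclosure sits in the RSA key generator of Infineon's firmware library (publicly known as ROCA, CVE-2017-15361): the primes it produces have the form p = k·M + (65537^a mod M), where M is the product of the first n small primes (n depends on the key size). That structure is what lets the private key be recovered from the public key, and it is also what makes an affected key recognisable from its modulus alone, because N mod p lands in the subgroup generated by 65537 for every small prime p dividing M. The following is an added example, not code from the original post or from the researchers' published detection tool, implementing that public-key fingerprint with the Python standard library only. The sample moduli are constructed inline and labelled as such, and `modulus_from_openssl` assumes the `Modulus=HEX` line format printed by `openssl rsa -pubin -noout -modulus`.

```python
"""ROCA-style fingerprint for RSA moduli produced by the flawed Infineon library.

Added example, not part of the original post. Standard library only.
"""
from functools import reduce
from typing import List, Optional

GENERATOR = 65537  # the base the affected prime generator exponentiates


def _odd_primes_up_to(limit: int) -> List[int]:
    """Odd primes <= limit by trial division (limit is tiny, so this is fine)."""
    primes: List[int] = []
    for n in range(3, limit + 1, 2):
        if all(n % p for p in primes if p * p <= n):
            primes.append(n)
    return primes


# The fingerprint tests the odd primes up to 167. They divide M for every
# affected key size, so the residue structure shows regardless of key length.
FINGERPRINT_PRIMES = _odd_primes_up_to(167)  # 38 primes, 3..167


def _subgroup(p: int) -> frozenset:
    """Residues 65537^k mod p for all k: the cyclic subgroup generated by 65537.
    65537 is prime and larger than every fingerprint prime, so it is never 0 mod p."""
    seen = set()
    x = 1
    while x not in seen:
        seen.add(x)
        x = (x * GENERATOR) % p
    return frozenset(seen)


RESIDUE_SETS = {p: _subgroup(p) for p in FINGERPRINT_PRIMES}


def first_mismatch(modulus: int) -> Optional[int]:
    """Return the first small prime whose residue class rules the modulus out,
    or None if the modulus matches the fingerprint at every prime."""
    for p in FINGERPRINT_PRIMES:
        if modulus % p not in RESIDUE_SETS[p]:
            return p
    return None


def is_roca_fingerprint(modulus: int) -> bool:
    """True when N mod p lies in <65537> for every fingerprint prime p.
    A random modulus passes all 38 tests only with negligible probability."""
    return first_mismatch(modulus) is None


def modulus_from_openssl(line: str) -> int:
    """Parse the 'Modulus=HEX' line printed by
    `openssl rsa -pubin -in key.pem -noout -modulus` (assumed format)."""
    return int(line.split("=", 1)[1].strip(), 16)


# Product of the fingerprint primes; a divisor of M for every affected key size.
M38 = reduce(lambda a, b: a * b, FINGERPRINT_PRIMES, 1)


def constructed_roca_like_modulus(a: int, b: int, k1: int, k2: int) -> int:
    """Constructed test value, not a real key: N = p*q with
    p = k1*M38 + 65537^a mod M38 and q = k2*M38 + 65537^b mod M38, the shape
    the flawed generator produces. Primality of p and q is not checked, so N
    is unusable as key material, but N = 65537^(a+b) mod every fingerprint
    prime, which is exactly the pattern the fingerprint detects."""
    p = k1 * M38 + pow(GENERATOR, a, M38)
    q = k2 * M38 + pow(GENERATOR, b, M38)
    return p * q


if __name__ == "__main__":
    # Constructed positive: Infineon-shaped modulus of roughly 2048 bits.
    weak = constructed_roca_like_modulus(
        a=1234, b=56789, k1=(1 << 805) + 17, k2=(1 << 805) + 91
    )
    # Constructed negative: an arbitrary odd 2048-bit integer with no such structure.
    other = (1 << 2047) + 5
    for name, n in (("constructed weak", weak), ("constructed other", other)):
        miss = first_mismatch(n)
        verdict = "matches fingerprint" if miss is None else f"ruled out at p={miss}"
        print(f"{name}: {n.bit_length()} bits, {verdict}")
```

To check a real key, extract its modulus with `openssl rsa -pubin -in key.pem -noout -modulus` (or `openssl x509 -in cert.pem -noout -modulus` for a certificate) and feed the `Modulus=` line to `modulus_from_openssl`. The check only flags a key as having the vulnerable structure; it does not factor it, and the small-prime residues themselves are public information, so running it against your own certificate inventory or a directory of SSH and TPM keys leaks nothing you were not already publishing.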
Here are some additional articles for you to review: