Hacking a Linux device with TPM + LUKS encryption: extracting the TPM key from SPI in plaintext. 🐧💻👂🔑🎉
Security researchers Per Idenfeldt Okuyama and Sam Eizad share technical details of a security vulnerability (CVE-2026-0714) discovered in the Moxa UC-1222A Linux device that uses a discrete TPM 2.0 chip to protect LUKS encryption keys.
With physical access, an attacker can tap into the SPI pins on the board and sniff the encryption key in plaintext from the SPI interface using a relatively inexpensive logic analyzer. As simple as that.
Now, this is a vulnerability in one specific device, but the approach is quite promising.
AFAIR, this is the first public attack of this kind on Linux systems, and not on Windows/BitLocker. Enjoy the read, and please share it with your colleagues and people who should know about it. :)
More details:
[CVE-2026-0714] TPM-sniffing LUKS Keys on an Embedded Device [Blog]: https://www.cyloq.se/en/research/cve-2026-0714-tpm-sniffing-luks-keys-on-an-embedded-device
目录
最新
- Multiple vulnerabilities in [Censored] electric motorcycles: how to hack a vehicle without one. ⚡🏍️📱🔬🤭
- Hacking wireless security cameras with a laser: from 120 meters away with a 100% success rate! 🛜📹 🔫☠️🥷🏻
- Hack 3D printers into robots: cheap, easy-to-manage & modify lab automation. 📇🛠️🤖🦾🌟
- New attack on OpenClaw or similar AI agents that infects them with “malicious skills.” 🤖💉👾😵💫🤡
- Hacking the Freebox HD (TV/Internet box): how one can use the DooM to exploit a router. 📺📦🔌👨🏻💻💰
- Jamming and spoofing of GPS on ships: real-world attacks on global navigation systems 🛳️🧭😵💫👁️👽
- Hacking ECU of heavy-duty vehicles (trucks, buses, etc.): How to attack the J1939 protocol at scale. 🚜🔧👨🏻💻🦠🎉
- Hacking crypto (cryptography! 🤪) without hard math: how to find bugs in implementation.👨🏻💻🔏👩🏿💻🤔💥