- Google released an optional security update that patches Chromebooks’ TPM.
- A bug in the newest Infineon TPM allows hackers to potentially brute-force a Chromebook to get your encrypted data.
- Installing the update wipes all of your local data.
An optional security update for Chromebooks will likely wipe your local data, but it might be smart to download it anyway.
That is because the update patches the newest Infineon Trusted Platform Module (TPM), which generates and stores cryptographic keys that protect local data. The vulnerability leaves these keys open to brute-force attacks that potentially allow hackers to access your encrypted data.
Even if hackers gained access to these keys, it would theoretically take them a long time to crack them. Google nonetheless issued an update to all Chromebooks that feature the Infineon TPM chip. The chip’s firmware is maintained separately from the operating system, which is why this is not a system-wide update.
Because the bug affects over 100 Chromebooks, odds are your Chromebook is affected. To make sure, type chrome://system in your URL bar, hit Ctrl + F, and search for TPM. From there, click the Expand button next to TPM Version. If you have any version listed below, the TPM update is available for your Chromebook:
- 000000000000041f – 4.31
- 0000000000000420 – 4.32
- 0000000000000628 – 6.40
- 0000000000008520 – 133.32
Before you update your TPM firmware, make sure to back up your local files. Once that is done, select Powerwash from the advanced menu within system settings. In the Powerwash screen, select the checkbox that says “Update firmware for added security.” Continue with the reset and you should be good to go.
You do not have to install the update, but it gives peace of mind for those who value security above all else.
February 19, 2018 at 11:47PM