If you're looking to buy a new device, you might see security chips listed in specs. Most people quickly skim this information without really considering what it means.

So what are security chips? Does it matter which chip your device has? And how do security chips actually work?

What Are Security Chips Exactly?

Security chips are small components embedded in a device to protect its integrity.

Security chips are microelectronics that handle the security of your device’s hardware and firmware. At the hardware level, they make it much harder for outsiders to tamper with components or exploit hardware vulnerabilities. Similarly, security chips support firmware security by encrypting data stored on the device and by ensuring outsiders can’t modify the software without being detected.

In computers and phones, for example, security chips ensure that all other components are compatible and have not been tampered with since leaving the manufacturing plant. Security chips also handle secure boot, password authentication and credentials management, as well as encryption, among other functions.

Ultimately, the design and configuration of security chips make them barriers to physical and over-the-air cyberattacks.

Why Should You Care What Kind of Security Chip You Have?

When it comes to things you need to consider when buying new hardware, security chips often get a cursory glance compared to features like RAM, processor, graphics card, and display resolution. That’s understandable because those features carry the bulk of daily computing tasks. But, as we learned when Microsoft released Windows 11, security chips are just as important. Many Windows 10 users couldn’t update to Windows 11 because their devices lacked TPM 2.0, and some chose to install Windows 11 on unsupported hardware anyway.

How Do Security Chips Work?


A security chip’s workflow depends on how it is integrated: onboard as a separate, dedicated module, like TPM 2.0 and Google’s Titan M2, or directly within the CPU, like Microsoft’s Pluton security processor.

The Titan M2 is a separate module that communicates with the rest of the system-on-chip (SoC). It has its own flash memory and runs its own microkernel, so the chip operates in an isolated, secure environment separate from the device’s main processor. The flash memory stores sensitive data, while the microkernel interfaces with the rest of the operating system. On startup, the microkernel audits its own firmware and validates its components to ensure nothing has been altered since the last boot. Only after a successful audit will the chip allow access to the flash memory so that hardware boot and user verification can complete.
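As an added illustration (not Google’s or Microsoft’s code), here is a toy Python model of the measure-then-unlock step described above: the data in flash is sealed under keys derived from a secret fused into the chip and a hash of the firmware, so only the genuine firmware can unseal it, and a modified image simply derives the wrong keys. The fused secret, the sample firmware image and the HMAC-based stream cipher are all constructed stand-ins for a real chip’s key store and AES engine.

```python
import hashlib
import hmac

# Constructed stand-in for the secret fused into the chip at manufacture.
ROOT_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

# Constructed sample firmware image and its "golden" measurement, recorded
# when the genuine image was provisioned.
GOOD_FIRMWARE = b"titan-like microkernel v1.0 (constructed sample image)"
GOLDEN_MEASUREMENT = hashlib.sha256(GOOD_FIRMWARE).digest()


def measure(firmware):
    """Boot-time audit: hash the firmware image the chip is about to run."""
    return hashlib.sha256(firmware).digest()


def derive_keys(measurement):
    """Derive separate encryption and MAC keys from the fused secret and the
    measurement. A different firmware image yields different keys."""
    enc = hmac.new(ROOT_SECRET, b"enc|" + measurement, hashlib.sha256).digest()
    mac = hmac.new(ROOT_SECRET, b"mac|" + measurement, hashlib.sha256).digest()
    return enc, mac


def _keystream(key, n):
    """Toy counter-mode keystream built from HMAC (a real chip would use AES)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(secret):
    """Provisioning side: encrypt-then-MAC the secret under the golden keys."""
    enc, mac = derive_keys(GOLDEN_MEASUREMENT)
    ct = bytes(a ^ b for a, b in zip(secret, _keystream(enc, len(secret))))
    tag = hmac.new(mac, ct, hashlib.sha256).digest()
    return ct + tag


def boot_and_unseal(firmware, blob):
    """Chip boot: measure the firmware, derive keys, and release the sealed
    secret only if the MAC verifies. compare_digest runs in constant time,
    which blunts the timing side channel a naive comparison would leak."""
    enc, mac = derive_keys(measure(firmware))
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac, ct, hashlib.sha256).digest(), tag):
        return None  # audit failed: flash contents stay locked
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, len(ct))))
```

A one-byte change to the firmware image is enough to change the measurement, so the derived keys no longer match and the sealed secret stays inaccessible.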

Meanwhile, unlike chips that communicate with the rest of the SoC over an external interface, Pluton runs as an integrated security subsystem inside the CPU. This way, the chip handles everything, including secure boot, cryptographic validation, credentials protection, and overall device security, without relying on other SoC components. This design is better for security because it removes the link between a discrete chip and the CPU, a potential weak point. Integrated security subsystems are not a new technology, and not new for Microsoft: Xbox consoles and Azure Sphere have used security processors since 2013. Pluton merely builds on that.

How Are Security Chips Attacked?

Each new generation of security chips brings big improvements, but those take years of research, development, and testing. Although a chip’s hardware design is fixed once it ships, manufacturers have some wiggle room to fix minor bugs via firmware updates. So, hackers are motivated to find and exploit vulnerabilities before the manufacturer patches the bugs or releases a better chip.

Attacks on security chips typically focus on compromising the communication between the security chip and the SoC. To do this, hackers often rely on a combination of hardware attacks, such as side-channel attacks, probing the bus with a logic analyzer, and fault injection.

What Does This Mean for You?

Consider buying devices with the latest security standards, especially when shopping for upgrades or replacements. Unlike non-physical cyberattacks, where you can take precautions like encrypting your storage or using strong passwords, there’s little you can do against physical hacks once attackers compromise a security chip. At that point, every device that uses that chip is at risk.

That’s not likely to happen, though. Physical hacks are not common because hackers have to possess the hardware of interest, which increases their risk of being caught and leaves a trail of evidence that worsens their legal liability. It’s simply not worth it unless the target possesses a trove of valuable data—like, say, your computer holds the access keys to ATMs or nuclear reactors.

Regardless, you shouldn’t take the risk with old hardware running on outdated security chips because that could still leave you vulnerable to over-the-air attacks.

Security Chips Protect You Too

Most of us know and use antivirus software as the first line of defense against cybercriminals and cyberattacks, but few of us recognize the good that security chips do in keeping our devices and data secure. Next time you're shopping for a new laptop or smartphone, don't forget to research the security chips as well.