A common HSM approach is to keep the key material in battery-backed SRAM so it evaporates when unpowered or tampered. The single-chip solution used in smartphones probably has no budget for extra parts just for key security, so the key will be fixed and stored in processor antifuses. You theoretically could get at them with a scanning electron microscope, but only with extreme difficulty and no guarantee of success on a single device. And it's a destructive process.
I don't know, but evidently the manufacturers think it's "low enough". This is definitely the kind of security which is about increasing the resource spend per attack rather than guaranteeing impossibility.
All of the sibling comments have great explanations of common processes, but one is missing: a metal mesh as part of the top of the CPU silicon. It's talked about a little bit here: http://users.encs.concordia.ca/~clark/courses/1501-6150/scri... Essentially, there's a "trap" on the top of the chip that resets the memory if touched by a conductive probe of any kind. I don't know the specifics of how you'd construct such a thing, but it seems like it wouldn't be too complicated to do.
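To make the battery-backed-SRAM and mesh ideas from the comments above concrete, here is an added example that is not from this thread or from any real chip: a C model of the firmware side of a tamper response. The sensor inputs (mesh continuity, backup-battery presence), the key slot and the `tamper_check`/`run_scenario` functions are all constructed for illustration. Two details matter in practice and are shown here: the wipe goes through a `volatile` pointer so the compiler cannot discard the stores as dead, and the tamper state is latched so that an attacker who reconnects the mesh afterwards does not get a "trusted" device back.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define KEY_LEN 32

/* Model of the key slot in battery-backed SRAM. Assumption: a real part would
 * map this to a dedicated register file that loses state without the battery;
 * here it is an ordinary array and the loss is modelled as an explicit wipe. */
static volatile uint8_t key_sram[KEY_LEN];

/* Latched tamper state: once set it never clears (no "untamper" path). */
static int tripped = 0;

/* Constructed sensor readings supplied by the caller. */
struct tamper_inputs {
    int mesh_continuity;  /* 1 = mesh intact, 0 = trace cut or probe shorted */
    int vbat_ok;          /* 1 = backup battery present */
};

/* Zeroize through a volatile pointer so dead-store elimination cannot remove
 * the writes, which a plain memset() before discarding the buffer may suffer. */
static void zeroize(volatile uint8_t *p, size_t n) {
    while (n--) *p++ = 0;
}

/* Constant-shape verification that the slot really is empty after a wipe. */
int key_is_zero(void) {
    uint8_t acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++) acc |= key_sram[i];
    return acc == 0;
}

void load_key(const uint8_t *k) {
    for (size_t i = 0; i < KEY_LEN; i++) key_sram[i] = k[i];
}

/* Returns 1 if the device is (or was ever) tampered, 0 if still trusted.
 * Any sensor failure, including simple loss of the backup battery, wipes
 * the key; the wipe is one-way. */
int tamper_check(const struct tamper_inputs *in) {
    if (tripped) return 1;
    if (in->mesh_continuity && in->vbat_ok) return 0;
    tripped = 1;
    zeroize(key_sram, KEY_LEN);
    return 1;
}

/* Walk through a constructed scenario; returns 1 if every step behaves as
 * expected: intact -> trusted, mesh cut -> wiped, mesh restored -> still
 * tampered and key still gone. */
int run_scenario(void) {
    uint8_t k[KEY_LEN];
    for (size_t i = 0; i < KEY_LEN; i++) k[i] = (uint8_t)(0xA5 ^ i); /* constructed key */
    load_key(k);

    struct tamper_inputs intact = { 1, 1 };
    struct tamper_inputs cut    = { 0, 1 };

    if (tamper_check(&intact) != 0 || key_is_zero()) return 0; /* trusted, key present */
    if (tamper_check(&cut) != 1 || !key_is_zero()) return 0;   /* wiped on mesh break */
    if (tamper_check(&intact) != 1 || !key_is_zero()) return 0; /* latch holds */
    return 1;
}

int main(void) {
    printf("tamper scenario %s\n", run_scenario() ? "ok" : "FAILED");
    return 0;
}
```

The model only covers the case where firmware is running when the mesh breaks; if the part is unpowered the SRAM simply decays with the battery, which is why the battery is part of the tamper boundary and why its removal is treated as a tamper event here.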
Yes, my question exactly. I know one of the countermeasures devices like the RSA tokens use is to fill the body of the device with plastic or resin to make it really hard to pull apart, but I'm curious how it works for a microprocessor.
Yeah, so how, exactly, do they wipe their data? Is it a firmware process? What if they are unpowered as they are tampered?
Or is the media attached in such a way that physically removing it would damage it physically?