Researchers discover potentially catastrophic exploit present in AMD chips for decades

Security researchers have found a vulnerability in AMD processors that has persisted for decades, according to reporting by Wired. This is a fascinating security flaw because it was found in the firmware of the actual chips and potentially allows malware to deeply infect a computer’s memory.

The flaw was discovered by researchers from the security firm IOActive, who are calling the AMD-based vulnerability a “Sinkclose" flaw. This potentially allows hackers to run their own code in the most privileged mode of an AMD processor, System Management Mode. This is typically a protected portion of the firmware. The researchers have also noted that the flaw dates back to at least 2006 and that it impacts nearly every AMD chip.

"Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer…" New piece from @WIRED featuring research from IOActive Principal Security Consultants, Enrique Nissim & Krzysztof Okupski. https://t.co/UuvzC2qyGI

— IOActive, Inc (@IOActive) August 9, 2024

That’s the bad news. Now onto some better news. Despite being potentially catastrophic, this issue is unlikely to impact regular people. That’s because in order to make full use of the flaw, hackers would already need deep access to an AMD-based PC or server. That’s a lot of work for a random home PC, phew, but could spell trouble for corporations or other large entities.

This is particularly worrisome for governments and the like. In theory, malicious code could burrow itself so deep within the firmware that it would be almost impossible to find. As a matter of fact, the researchers say that the code would likely survive a complete reinstallation of the operating system. The best option for infected computers would be a one-way ticket to the trash heap.

“Imagine nation-state hackers or whoever wants to persist on your system. Even if you wipe your drive clean, it's still going to be there,” says Krzysztof Okupski from IOActive. “It's going to be nearly undetectable and nearly unpatchable.”

Once successfully implemented, hackers would have full access to both surveil activity and tamper with the infected machine. AMD has acknowledged the issue and says that it has “released mitigation options” for data center products and Ryzen PC products “with mitigations for AMD embedded products coming soon.” The company has also published a full list of impacted chips.

AMD has also emphasized just how difficult it would be to take advantage of this exploit. It compares using the Sinkclose flaw to accessing a bank’s safe-deposit boxes after already bypassing alarms, guards, vault doors and other security measures. IOActive, however, says that kernel exploits — the equivalent of plans to get to those metaphorical safe-deposit boxes — exist readily in the wild. “People have kernel exploits right now for all these systems,” the organization told Wired. “They exist and they're available for attackers.”

IOActive has agreed to not publish any proof-of-concept code as AMD gets to work on patches. The researchers have warned that speed is of the essence, saying “if the foundation is broken, then the security for the whole system is broken.”

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/researchers-discover-potentially-catastrophic-exploit-present-in-amd-chips-for-decades-161541359.html?src=rss

Security researchers have found a vulnerability in AMD processors that has persisted for decades, according to reporting by Wired. This is a fascinating security flaw because it was found in the firmware of the actual chips and potentially allows malware to deeply infect a computer’s memory.

The flaw was discovered by researchers from the security firm IOActive, who are calling the AMD-based vulnerability a “Sinkclose" flaw. This potentially allows hackers to run their own code in the most privileged mode of an AMD processor, System Management Mode. This is typically a protected portion of the firmware. The researchers have also noted that the flaw dates back to at least 2006 and that it impacts nearly every AMD chip.

"Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer…" New piece from @WIRED featuring research from IOActive Principal Security Consultants, Enrique Nissim & Krzysztof Okupski. https://t.co/UuvzC2qyGI

— IOActive, Inc (@IOActive) August 9, 2024

That’s the bad news. Now onto some better news. Despite being potentially catastrophic, this issue is unlikely to impact regular people. That’s because in order to make full use of the flaw, hackers would already need deep access to an AMD-based PC or server. That’s a lot of work for a random home PC, phew, but could spell trouble for corporations or other large entities.

This is particularly worrisome for governments and the like. In theory, malicious code could burrow itself so deep within the firmware that it would be almost impossible to find. As a matter of fact, the researchers say that the code would likely survive a complete reinstallation of the operating system. The best option for infected computers would be a one-way ticket to the trash heap.

“Imagine nation-state hackers or whoever wants to persist on your system. Even if you wipe your drive clean, it's still going to be there,” says Krzysztof Okupski from IOActive. “It's going to be nearly undetectable and nearly unpatchable.”

Once successfully implemented, hackers would have full access to both surveil activity and tamper with the infected machine. AMD has acknowledged the issue and says that it has “released mitigation options” for data center products and Ryzen PC products “with mitigations for AMD embedded products coming soon.” The company has also published a full list of impacted chips.

AMD has also emphasized just how difficult it would be to take advantage of this exploit. It compares using the Sinkclose flaw to accessing a bank’s safe-deposit boxes after already bypassing alarms, guards, vault doors and other security measures. IOActive, however, says that kernel exploits — the equivalent of plans to get to those metaphorical safe-deposit boxes — exist readily in the wild. “People have kernel exploits right now for all these systems,” the organization told Wired. “They exist and they're available for attackers.”

IOActive has agreed to not publish any proof-of-concept code as AMD gets to work on patches. The researchers have warned that speed is of the essence, saying “if the foundation is broken, then the security for the whole system is broken.”

This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/researchers-discover-potentially-catastrophic-exploit-present-in-amd-chips-for-decades-161541359.html?src=rss

HOT news

Related posts

Latest posts

PlayStation’s 30th anniversary PS5 and PS5 Pro consoles are so very pretty

The original PlayStation console, otherwise called the PS1, came out in Japan in late 1994. So we are quickly coming up on the console’s...

How DePIN Models Are Transforming The Automotive Industry

Infrastructure-intensive industries are undergoing massive transformations to meet the need for digital innovation. New technologies like artificial intelligence (AI), blockchain, and the Internet of...

As Pepe, Dogwifhat Surge, Some Investors are Backing Crypto All-Stars Meme Coin Staking Protocol

It’s been an excellent week for meme coin traders. Most of these coins have posted solid gains, and many traders are scouring the market...

SEC Approves Options Trading on Blackrock’s Ishares Bitcoin Trust (IBIT)

The U.S. Securities and Exchange Commission (SEC) has approved the listing and trading of options on the Ishares Bitcoin Trust (IBIT), a product...

Cards Against Humanity is suing SpaceX for trespassing and filling its property with ‘space garbage’

Cards Against Humanity is the latest entity to take on Elon Musk in court. The irreverent party game company filed a $15 million lawsuit...

Want to stay up to date with the latest news?

We would love to hear from you! Please fill in your details and we will stay in touch. It's that simple!