Slyck Chatbox - And More

A raft of flaws in AMD chips makes bad hacks much, much worse

What's happening in the world of technology related to hardware. Please submit stories for this forum here.
Forum rules

A raft of flaws in AMD chips makes bad hacks much, much worse

Postby MrFredPFL » Tue Mar 13, 2018 10:32 pm

Story :

Secure enclaves like the one found in iPhones are intended to be impenetrable fortresses that handle tasks too sensitive for the main CPUs they work with. AMD's version of that co-processor contains a raft of critical flaws that attackers could exploit to run malware that's nearly impossible to detect and has direct access to a vulnerable computer's most sensitive secrets, a report published Tuesday warned. The chips also contain what the report called "backdoors" that hackers can exploit to gain administrative access.

The flaws—in AMD's EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile lines of processors—require attackers to first gain administrative rights on a targeted network or computer, which is a hurdle that's difficult but by no means impossible to clear. From there, attackers can exploit the vulnerabilities to achieve a variety of extraordinary feats that would be catastrophic for the owners' long-term security. Among other things, the feats include:

Running persistent malware inside the AMD Secure Processor that's impossible—or nearly impossible—to detect
Bypassing advanced protections such as AMD's Secure Encrypted Virtualization, Firmware Trusted Platform Module, and other security features, which are intended to secure systems and sensitive data in the event that malware infects a computer's operating system
Stealing credentials a vulnerable computer uses to access networks
Physically destroying hardware by attackers in hardware-based "ransomware" scenarios

The four classes of vulnerabilities—dubbed Masterkey, Ryzenfall, Fallout, and Chimera—were described in a 20-page report headlined "Severe Security Advisory on AMD Processors." The advisory came with its own disclaimer that CTS—the Israeli research organization that published the report—"may have, either directly or indirectly, an economic interest in the performance" of the stock of AMD or other companies. It also discloses that its contents were all statements of opinion and "not statements of fact." Critics have said the disclaimers, which are highly unusual in security reports, are signs that the report is exaggerating the severity of the vulnerabilities in a blatant attempt to influence the stock price of AMD and possibly other companies. Critics also faulted the researchers for giving AMD just 24 hours to review the report before it went public and using a dedicated-website to bring attention to the flaws.

Posts: 15773
Joined: Wed Aug 17, 2005 4:48 pm

Re: A raft of flaws in AMD chips makes bad hacks much, much

Postby tehdoomsayer » Wed Mar 14, 2018 12:14 am

haha... ryzenfall. phenomenal name
Posts: 434
Joined: Tue Nov 06, 2007 6:13 pm
Location: USA

Re: A raft of flaws in AMD chips makes bad hacks much, much

Postby ejonesss » Wed Mar 14, 2018 11:23 am

no mention of gpu, radeon or graphics cards so looks like we gamers and crypto miners are safe from attack there
Posts: 2973
Joined: Thu Feb 06, 2003 5:43 pm

Return to Tech/Hardware News

Who is online

Users browsing this forum: No registered users and 1 guest

© 2001-2008