Even full disk formatting won't save your computer any more.
Researchers from IOActive discovered a critical vulnerability in AMD processors that has existed for several decades. This vulnerability, called Sinkclose, allows attackers to break into the most secure parts of the computer, and its elimination is considered a task close to impossible. Experts warn that this problem affects almost all AMD processors, starting in 2006, and possibly earlier.
At the Defcon conference, experts Enrique Nissim and Krzysztof Okupski plan to present details of this vulnerability. It allows hackers to execute their own code in a particularly privileged mode of the AMD processor, which is intended only for the protected part of its firmware. This opens the way for creating malware that can take root deep in the system and remain undetected even when the operating system is reinstalled.
To exploit the vulnerability, attackers need to gain access to the operating system kernel. After that, they will be able to install a so-called "bootkit" on the computer: malware that cannot be detected by antivirus programs. This software provides full control over your computer and persists even after a reboot. Moreover, in the event of an incorrect configuration of the security system, which, according to the researchers, is found in most of the systems they tested, it will be almost impossible to remove such software.
Okupski stresses that even formatting the hard drive will not help to get rid of this threat: "Even if you completely clear the disk, the malware will remain. It is almost undetectable and virtually impossible to eradicate." The only way to remove such software is to physically open the computer case and use special equipment to clean up the memory.
AMD acknowledged the existence of this vulnerability and thanked the researchers for their work. The company has already released patches for some of its products, including the EPYC and Ryzen series processors, and plans to release updates for other CPU lines in the near future. However, it remains unclear how AMD plans to fully close this gap, and when this will be done.
Researchers note that despite the difficulties with exploiting this vulnerability, experienced hackers, especially those who are supported by government agencies, may already have the necessary tools to use it.
Fixes for this vulnerability will be distributed through operating system updates. Users are strongly encouraged to install them as soon as possible (when they become available) to prevent possible attacks.
Meanwhile, AMD has already updated its security bulletin page to include a list of chips affected by the Sinkclose vulnerability.
Source