Researchers have discovered a potentially catastrophic vulnerability that has been present in AMD chips for decades. It is present in hundreds of millions of chips and allows you to make almost irreparable interventions – for example, gain access to some of the most privileged systems on the computer.
Details
A bug was found in the basic firmware of the chips themselves, which allows malicious software to deeply infect the computer's memory by running the code in the privileged mode of the AMD processor – system management mode. This is usually a protected part of the firmware.
IOActive, the company behind this discovery, calls the vulnerability “Sinkclose”. She says the flaw dates back to at least 2006 and affects nearly every AMD chip.
It was bad news, but there is also good news. Although potentially catastrophic, this problem is unlikely to affect ordinary people. That's because in order to fully exploit the vulnerability, hackers would need deep access to an AMD-based PC or server. This is too much work for the average home PC, but can cause problems for corporations and other large organizations.
This is of particular concern to governments and the organizations that work with them. In theory, malicious code can become so deeply rooted in firmware that it will be nearly impossible to find. In fact, the researchers say that the code is likely to survive a complete reinstallation of the operating system. The best option for infected computers will be a one-way ticket – to the trash.
Imagine government hackers or anyone else who wants access to your system. Even if you wipe your drive, it will still be there. It will be almost impossible to detect and almost impossible to fix, – says Krzysztof Okupski from IOActive.
Once successfully implemented, hackers will have full access to both monitoring activity and interfering with the infected computer.
What AMD Says
AMD has acknowledged the issue and said it has “released mitigations” for Ryzen data center and PC products, “and mitigations for AMD embedded products will appear in the near future”. The company also published a full list of the affected chips.
The company also emphasized how difficult it would be to exploit this vulnerability: it compared using Sinkclose to accessing bank vaults – you need to bypass alarms, guards, vault doors, and other security measures.
IOActive is not releasing any evidence or code while AMD is working on fixes. The researchers warned that speed was critical, saying that “if the foundation is compromised, the security of the entire system is compromised.”