08-11-2024, 01:50 AM
I thought I would share this here because it is strictly a 'computer' thing... particularly, AMD systems.
For many of us, the distinction between them is lost... except now for this reporting.... we'll see what comes of it...
From ArsTechnica: Almost unfixable “Sinkclose” bug affects hundreds of millions of AMD chips
What the article title doesn't say is that the discovery of this "bug" includes that it has existed for many years (it dates back in AMD chip since 2006.)
Also, that once malicious code is deployed via this 'vulnerability' removing it is nearly impossible for a regular use (the ArsTechnica article was subtitled "Worse-case scenario: "You basically have to throw your computer away."... not encouraging at all.
At the Defcon hacker conference, Enrique Nissim and Krzysztof Okupski, researchers from the security firm IOActive, plan to present a vulnerability in AMD chips they're calling Sinkclose. The flaw would allow hackers to run their own code in one of the most privileged modes of an AMD processor, known as System Management Mode, designed to be reserved only for a specific, protected portion of its firmware. IOActive's researchers warn that it affects virtually all AMD chips dating back to 2006, or possibly even earlier.
Nissim and Okupski note that exploiting the bug would require hackers to already have obtained relatively deep access to an AMD-based PC or server, but that the Sinkclose flaw would then allow them to plant their malicious code far deeper still. In fact, for any machine with one of the vulnerable AMD chips, the IOActive researchers warn that an attacker could infect the computer with malware known as a “bootkit” that evades antivirus tools and is potentially invisible to the operating system, while offering a hacker full access to tamper with the machine and surveil its activity. For systems with certain faulty configurations in how a computer maker implemented AMD's security feature known as Platform Secure Boot—which the researchers warn encompasses the large majority of the systems they tested—a malware infection installed via Sinkclose could be harder yet to detect or remediate, they say, surviving even a reinstallation of the operating system.
“Imagine nation-state hackers or whoever wants to persist on your system. Even if you wipe your drive clean, it's still going to be there,” says Okupski. “It's going to be nearly undetectable and nearly unpatchable.” Only opening a computer's case, physically connecting directly to a certain portion of its memory chips with a hardware-based programming tool known as SPI Flash programmer and meticulously scouring the memory would allow the malware to be removed, Okupski says.
Nissim sums up that worst-case scenario in more practical terms: “You basically have to throw your computer away.”
[Bold and underlining is mine]
Not trying to "doom porn" this thing, but remember, these companies implement these products with many 'security' assurances... (Intel is no different, they found a different exploit from 2015 in their code too)... and it always seems to pop up that the problems are from ages ago, in tech-time terms...
For many of us, the distinction between them is lost... except now for this reporting.... we'll see what comes of it...
From ArsTechnica: Almost unfixable “Sinkclose” bug affects hundreds of millions of AMD chips
What the article title doesn't say is that the discovery of this "bug" includes that it has existed for many years (it dates back in AMD chip since 2006.)
Also, that once malicious code is deployed via this 'vulnerability' removing it is nearly impossible for a regular use (the ArsTechnica article was subtitled "Worse-case scenario: "You basically have to throw your computer away."... not encouraging at all.
At the Defcon hacker conference, Enrique Nissim and Krzysztof Okupski, researchers from the security firm IOActive, plan to present a vulnerability in AMD chips they're calling Sinkclose. The flaw would allow hackers to run their own code in one of the most privileged modes of an AMD processor, known as System Management Mode, designed to be reserved only for a specific, protected portion of its firmware. IOActive's researchers warn that it affects virtually all AMD chips dating back to 2006, or possibly even earlier.
Nissim and Okupski note that exploiting the bug would require hackers to already have obtained relatively deep access to an AMD-based PC or server, but that the Sinkclose flaw would then allow them to plant their malicious code far deeper still. In fact, for any machine with one of the vulnerable AMD chips, the IOActive researchers warn that an attacker could infect the computer with malware known as a “bootkit” that evades antivirus tools and is potentially invisible to the operating system, while offering a hacker full access to tamper with the machine and surveil its activity. For systems with certain faulty configurations in how a computer maker implemented AMD's security feature known as Platform Secure Boot—which the researchers warn encompasses the large majority of the systems they tested—a malware infection installed via Sinkclose could be harder yet to detect or remediate, they say, surviving even a reinstallation of the operating system.
“Imagine nation-state hackers or whoever wants to persist on your system. Even if you wipe your drive clean, it's still going to be there,” says Okupski. “It's going to be nearly undetectable and nearly unpatchable.” Only opening a computer's case, physically connecting directly to a certain portion of its memory chips with a hardware-based programming tool known as SPI Flash programmer and meticulously scouring the memory would allow the malware to be removed, Okupski says.
Nissim sums up that worst-case scenario in more practical terms: “You basically have to throw your computer away.”
[Bold and underlining is mine]
Not trying to "doom porn" this thing, but remember, these companies implement these products with many 'security' assurances... (Intel is no different, they found a different exploit from 2015 in their code too)... and it always seems to pop up that the problems are from ages ago, in tech-time terms...
