Subj : Some of the top AMD chips are suffering a serious security flaw
To   : All
From : TechnologyDaily
Date : Wed May 03 2023 16:30:02

Some of the top AMD chips are suffering a serious security flaw

Date:
Wed, 03 May 2023 15:08:50 +0000

Description:
A novel flaw can be used to read sensitive content on AMD Zen chips, 
researchers warn.

FULL STORY
======================================================================

Cybersecurity researchers from the Technical University of Berlin have 
discovered a flaw in some AMD hardware that might allow threat actors to read 
sensitive, encrypted content from the endpoint . 

The feasibility of the method is questionable though, as it requires physical 
access to the device for several hours in order to be fully leveraged. 

According to the researchers technical paper, the AMD firmware-based Trusted 
Platform Module (fTPM/TPM) carries the flaw, which they dubbed faulTPM. The 
flaw could be compromised via a voltage fault injection, allowing malicious 
actors to potentially read the contents of apps that fully rely on TPM-based 
security such as BitLocker. Acknowledging the flaw 

To pull the feat off, the researchers bought off-the-shelf hardware for 
roughly $200, and targeted AMDs Platform Security Processor (PSP) found in 
Zen 2 and Zen 3 chips (we dont know if Zen 4 chips are vulnerable). They also 
need physical access to the target device for several hours, they said. 

Commenting on the news to Toms Hardware, AMD said it was aware of the report 
and is working to understand potential new threats: AMD is aware of the 
research report attacking our firmware trusted platform module which appears 
to leverage related vulnerabilities previously discussed at ACM CCS 2021, the 
companys spokesperson told the publication. 

This includes attacks carried out through physical means, typically outside 
the scope of processor architecture security mitigations. We are continually 
innovating new hardware-based protections in future products to limit the 
efficacy of these techniques. Specific to this paper, we are working to 
understand potential new threats and will update our customers and end-users 
as needed. Read more 

> New vulnerability in AMD Ryzen CPUs could seriously jeopardize performance 


 > Ryzen CPU firmware bug is fixed, but AMD has bigger problems 


 > Check out the best malware removal services right now 

The publication also says that the papers released at ACM CCS 2021 discussed 
a glitching attack and did not use the attack vendor to compromise the TPM, 
which makes this researchs findings a novel cyberattack method. 

More details can be found on this link . Here's our take on the best 
firewalls at the moment 

Via: Tom's Hardware



======================================================================
Link to news story:
https://www.techradar.com/news/some-of-the-top-amd-chips-are-suffering-a-serio
us-security-flaw


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.