k**0 发帖数: 19737 | 1 AMD's Ryzen Chips Vulnerable to New Attacks
Researchers have found 13 critical security vulnerabilities in AMD's Ryzen
and EPYC processors that can infect the PCs with malware, give attackers
access to important data, read and write files and take over chipsets
entirely. CNET first reported on the issues.
The vulnerabilities were discovered by Israeli security firm CTS-Labs, which
gave AMD less than 24 hours' notice before CTS-Labs disclosed the issues. (
Standard security-research practice is to provide the vendor with 90 days'
notice.) However, CTS-Labs is cagey about the technical details, which may
make the attacks exploiting the flaws difficult to reproduce.
The flaws and their related attacks fall into four camps, which CTS-Labs
named Masterkey, Ryzenfall, Chimera and Fallout.
"At AMD, security is a top priority and we are continually working to ensure
the safety of our users as new risks arise," an AMD spokesperson told
Laptop Mag. "We are investigating this report, which we just received, to
understand the methodology and merit of the findings."
Masterkey can affect the widest swath of machines, including laptops (
running Ryzen Mobile), powerful creative machines (with Ryzen Pro) and
workstations and servers (running Ryzen Workstation and EPYC Server chips,
respectively). The attack involves reflashing the BIOS, which can be done
via malware infection. Successful exploitation of the flaw would let
attackers disable security features and even launch unwanted programs upon
startup.
Ryzenfall, Chimera and Fallout are less of a direct threat, because they
each require that an attacker must "be able to run a program with local-
machine elevated administrator privileges" and supply "a driver that is
digitally signed by the vendor," according to the researchers' white paper.
(Simpler explanations are at the new website dedicated to promoting the
flaws, AMDFlaws.com.)
If bad actors, even those without direct physical access, had that kind of
power on a machine, they could do whatever they wanted anyway. Supplying a
spoofed digital signature isn't within the skill set of most ordinary
cybercriminals.
Ryzenfall makes it possible for attackers to target any Ryzen-based machine
and use malicious code to take over the processor completely, which would
allow access to all sorts of protected data, including passwords. The
researchers suggest that there are parts of the CPU that Ryzenfall can
access that previous attacks couldn't get to.
Chimera, which affects Ryzen Workstation and Ryzen Pro machines, has two
variants: hardware and firmware. On the hardware site, the chipset allows
for malware to be run, so it can be infected through Wi-Fi, Bluetooth or
other wireless traffic. On the firmware side, there's the issues that
malware can be put directly on the CPU. But you have to weaken the processor
with the Chimera attack first.
Fallout is likely to affect only enterprises, as it is limited to EPYC
server chips. It lets attackers both read and write from protected memory
areas, including Windows Defender Credential Guard, which stores data in a
separated part of the operating system. We have reached out to Microsoft
about this and will update if it gets back to us.
Researchers told CNET that these flaws might take several months to fix,
although AMD has yet to provide a timeline. At the moment, the best option
is to always keep your operating system updated, and, when possible, install
the latest patches from your machine's vendor or from AMD. These are the
same tips to follow if your machine is affected by Spectre or Meltdown,
which affected Intel, AMD and ARM Processors.
https://www.cnet.com/news/amd-has-a-spectre-meltdown-like-security-flaw-of-
its-own/ |
|