Undetected Backdoor Discovered: How a Security Glitch Endangers AMD CPU Users with Stealthy Malware
Security researchers at IOActive have discovered a critical flaw in almost two dozen AMD processor models. Attackers can exploit the vulnerability to infect a CPU with malware that loads before the operating system, but you probably don’t need to worry about it.
The security firm IOActive named the vulnerability “Sinkclose.” It has existed since 2006 in AMD processors for PCs, data centers, and embedded systems (chips used in cars or industrial equipment). To keep AMD chips backwards compatible, the chipmaker added a feature that can modify privileged CPU configurations. That is the CPU flaw security researchers have managed to exploit.
By exploiting Sinkclose, malicious actors can modify processor configurations that are otherwise highly protected and accessible only to System Management Mode (SMM). System Management Mode operates at a higher privilege level than the operating system, so any changes made to it are invisible and inaccessible to the OS.
In theory, threat actors could use this elevated access to install malware that runs on boot, before the operating system. Reinstalling the OS, wiping the storage, or running antivirus software cannot get rid of it. You would have to physically connect to the processor using a special programming device to detect and remove such malware.
Thankfully, it’s incredibly difficult to successfully execute this attack. For starters, the attackers need kernel-level access (the kernel is an operating system’s core, which has complete control over the entire OS). Modern operating systems have safeguards against unauthorized kernel access, so the attackers have to bypass many layers of security to make it work. So while kernel exploits do exist, the threat Sinkclose poses is minimal for the average person.
In response to IOActive’s investigation, AMD has released a list of vulnerable processors, along with some mitigation tips. The company is also working on security patches for the affected processors.
Source: IOActive
- Title: Undetected Backdoor Discovered: How a Security Glitch Endangers AMD CPU Users with Stealthy Malware
- Author: George
- Created at: 2024-09-17 00:58:19
- Updated at: 2024-09-21 19:09:01
- Link: https://hardware-tips.techidaily.com/undetected-backdoor-discovered-how-a-security-glitch-endangers-amd-cpu-users-with-stealthy-malware/
- License: This work is licensed under CC BY-NC-SA 4.0.