All AMD Zen processors are vulnerable to a hardware attack: the AMD Secure Processor does not help

A group of researchers from TU Berlin, in a paper posted on arXiv (the preprint server run by Cornell University), showed how easy it is to plant a hardware implant on the motherboard of any system built on AMD Zen cores of all current generations. Hardware costing a few dollars is enough to trick the ARM-based AMD Secure Processor (SP) built into these CPUs and take full control of the machine and of the data flowing through it. There is no software patch for this vulnerability, and there cannot be one: the architecture of the Secure Processor itself would have to change.

The attack as presented is not a threat to most ordinary users, but it is to cloud providers and large organizations. Carrying it out requires physical access to the hardware (the motherboard), which technical staff routinely have. What makes it especially unpleasant is that it cannot be detected by software: it uses no exploit or other software-based injection mechanism. The server simply passes under the attacker's control, to the point that all of its internal telemetry can be forged.

The vulnerability is exploited through a controlled disturbance of the power supply of the SP inside a Zen, Zen 2 or Zen 3 processor. The attacker connects a small controller to the bus over which the processor commands its voltage regulator (the SVI2 bus on these platforms) and to the processor's reset line. Once configured, the controller injects brief voltage glitches on the regulator's supply rail while the SP is verifying the key. If a glitch lands correctly, the SP accepts the attacker's "fake" key as trusted and lets the processor load modified firmware signed with that key. If it does not, the controller pulses the reset line, the processor restarts, and the cycle repeats until the attacker's key is accepted. The technique is reported to work every time, although the wait can range from a few minutes to an hour.
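The glitch-reset-retry loop described above, as an added simulation that is not code from the researchers or from AMD. The target is a toy boot-ROM key check with a single accept/reject branch, and every parameter (the cycle at which that branch runs, the usable glitch widths, the probability that a well-placed glitch skips the branch, the width that crashes the core) is an assumption chosen for the model, not a measured property of the Secure Processor. The point it shows is structural: one conditional branch decides trust, so an attacker who can search glitch timing and width, and reset the target after every failed boot, only needs to find that one cycle.

```python
"""Toy model of a voltage-glitch retry loop against a boot-time key check."""
import hashlib
import random
from typing import Optional

# Constructed stand-ins for the vendor key whose hash is fused into the chip
# and for the attacker's replacement key.
VENDOR_KEY = b"constructed vendor public key"
ATTACKER_KEY = b"constructed attacker public key"
FUSED_KEY_HASH = hashlib.sha256(VENDOR_KEY).digest()

# Assumed timing/fault model (not real SP figures): the check's single
# accept/reject branch executes at BRANCH_CYCLE; a glitch of width
# WIDTH_MIN..WIDTH_MAX landing on that cycle skips the branch with
# probability P_SKIP; a glitch of WIDTH_CRASH or wider browns the core out
# and forces a reset.
BRANCH_CYCLE = 37
SEARCH_CYCLES = 64
WIDTH_MIN, WIDTH_MAX, WIDTH_CRASH = 4, 7, 9
P_SKIP = 0.3

_RNG = random.Random(0)


def boot_rom_check(key: bytes, glitch_cycle: Optional[int], width: int,
                   rng: Optional[random.Random] = None) -> str:
    """Simulated SP boot-ROM key verification under an optional glitch.

    Returns "accepted", "rejected" or "crash".
    """
    rng = _RNG if rng is None else rng
    if glitch_cycle is not None and width >= WIDTH_CRASH:
        return "crash"
    mismatch = hashlib.sha256(key).digest() != FUSED_KEY_HASH
    # Single point of failure: one conditional branch decides trust. If the
    # glitch lands on it, the mismatch is never acted upon.
    if (mismatch and glitch_cycle == BRANCH_CYCLE
            and WIDTH_MIN <= width <= WIDTH_MAX and rng.random() < P_SKIP):
        mismatch = False
    return "rejected" if mismatch else "accepted"


def glitch_until_accepted(key: bytes, seed: int = 1234,
                          shots_per_setting: int = 10,
                          max_attempts: int = 100_000) -> Optional[tuple]:
    """Attacker's controller: sweep glitch width and timing, pulse reset after
    every failed boot, and stop as soon as the target accepts `key`.

    Returns (attempts, glitch_cycle, width), or None if the budget runs out.
    """
    rng = random.Random(seed)
    attempts = 0
    while attempts < max_attempts:
        for width in range(1, WIDTH_CRASH + 1):
            for cycle in range(SEARCH_CYCLES):
                for _ in range(shots_per_setting):
                    attempts += 1
                    if boot_rom_check(key, cycle, width, rng) == "accepted":
                        return attempts, cycle, width
                    # "rejected" or "crash": reset the processor and go again.
                    if attempts >= max_attempts:
                        return None
    return None


if __name__ == "__main__":
    print("attacker key, no glitch:", boot_rom_check(ATTACKER_KEY, None, 0))
    print("attacker loop (attempts, cycle, width):",
          glitch_until_accepted(ATTACKER_KEY))
```

Once the right timing and width are found, each further shot succeeds with probability P_SKIP, so the cost is dominated by the search over cycles and widths rather than by the final hit; that search, plus a full processor reset per failed attempt, is what turns into the minutes-to-an-hour wait the researchers report. Nothing in the loop touches software on the target, which is why no host-side agent sees it.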

According to the researchers, the technique lengthens the server's boot time, which could in principle be noticed, but on corporate systems with huge amounts of memory (whose boot is already slow) such a change can easily escape administrators' attention. One practical check that follows from this is to baseline boot duration per machine and alert on unexplained increases. To defend against the threat itself, AMD would need to build voltage-glitch countermeasures into the SP. Until then, AMD-based servers remain exposed to anyone with physical access, whether foreign intelligence services, competitors or ransomware operators. You can read a little more about the technique at this link.

About the author

Dylan Harris

Dylan Harris is fascinated by tests and reviews of computer hardware.
