A young Israeli vulnerability research company makes headlines with sudden exposure to 13 types of loopholes that affect the Zen processors
While processor companies still lick the wounds left by the known security holes Who received the titles Spectre and Meltdown, And needed a variety of different patch updates that created quite a few new issues of their own -AMD Another heavy weight on the shoulders falls in the form of 13 loopholes Security News related to its latest products, which are divided into four groups, all of which were revealed at the same time by an Israeli company, only 24 hours after the developer had updated the details.
An 20 study paper describes a variety of methods of attack and security vulnerability in the Zen architecture AMD, Which examined all the products available on the market today: from the EPYC processors to the server world (where harming them also means harm to their Threadripper brothers, it seems)RYZEN and the-RYZEN Pro desktop and up toRYZEN Mobile devices that are integrated into the mobile world.
A mechanism called Chimera utilizes gaps Security Known as ASMedia products, which helped develop the dedicated chipsets in the Ryzen and Ryzen Pro desktop processors to prove the potential for attack and damage to both the computer operating system and all the devices connected to the interfaces USB, SATA andPCI-Express To an array, all of which pass through the same chipset.
Mechanisms called Fallout and Ryzenfall include a number of methods for reading information, writing information, and running external malicious code based on the designated security system in the labs AMD Which is based on the A5 Cortex chip and the company's technologies ARM - When the Fallout method has proven to be a risk to the massive EPYC processors, while Ryzenfall as such is affecting theRYZEN Of all kinds.
A final and not very likeable mechanism is called Masterkey and includes attack and damage through the hardware of the Cortex A5 spoken core integrated with models - with the ability to cancel mechanisms Security Of the processors as part of a malicious malicious firmware update. Given that these firmware updates have become easier and simpler than ever before, you can certainly imagine a situation in which we receive attempts to distribute such an offensive update under the guise of another application or extension.
On the face of it, it would be quite a challenge to exploit some of the breaches that have been discovered, but a similar statement can be made Most variations of Spectre and Meltdown - This time too, it is doubtful that it will comfort the average consumer who does not specialize in the field, but is certainly concerned about the theoretical ability to damage his personal computers and gain access to his files and details. AMD Will have to provide a solution to the gaps, and there is a high chance that in this case too, a simple and standard program update will not suffice to close the cracks.
Question mark exposure?
Throughout the network, questions about the source of this comprehensive security problem began to arise almost immediately. The Israeli CTS Labs company is described as being established only a year ago and is located in Tel Aviv and includes only four employees, with no previous reports of loopholes Security In other systems and products.
Many (including factors inAMD Itself) expressed astonishment about the scope of its discovery and its documentation professionalism, which included a dedicated site, professional graphic descriptions with a logo and a corresponding name for each method, declarations to the media and channel videos YouTube Which opens just days before the exposure. There do not appear to be any claims about the existence of the security issues, but there is certainly concern that the source behind the information may be a deliberate hand to tarnish the chip developer's reputation - perhaps as part of an attempt to run the company's shares.
Now there seems to be a good reason to wait for the official responses from me AMD, To understand whether she accepts or rejects the allegations and accusations - and in particular how she plans to act to correct the gaps and ensure that these are not repeated in the family.RYZEN Upcoming 2000, and other products. Watch for updates.