A young Israeli vulnerability research company makes headlines with sudden exposure to 13 types of loopholes that affect the Zen processors
While processor companies still lick the wounds left by the known security holes Who received the titles Spectre and Meltdown, And needed a variety of different patch updates that created quite a few new issues of their own - it seems thatAMD Another heavy weight on the shoulders falls in the form of 13 loopholes Security News related to its latest products, which are divided into four groups, all of which were revealed at the same time by an Israeli company, only 24 hours after the developer had updated the details.
An 20 study paper describes a variety of methods of attack and security vulnerability in the Zen architecture AMD, Which examined all the products available on the market today: from the EPYC processors to the server world (where harming them also means harm to their Threadripper brothers, it seems)RYZEN and the-RYZEN Pro desktop and up toRYZEN Mobile devices that are integrated into the mobile world.
A mechanism called Chimera utilizes gaps Security Known as ASMedia products, which helped develop the dedicated chipsets in the Ryzen and Ryzen Pro desktop processors to prove the potential for attack and damage to both the computer operating system and all the devices connected to the interfaces USB, SATA andPCI-Express To an array, all of which pass through the same chipset.
Mechanisms called Fallout and Ryzenfall include a number of methods for reading information, writing information, and running external malicious code based on the designated security system in the labs AMD Which is based on the A5 Cortex chip and the company's technologies ARM - where the Fallout method has been proven to be dangerous for the massive EPYC processors, while Ryzenfall as such is detrimental to theRYZEN Of all kinds.
The last and not-really-likable mechanism is called Masterkey and includes attack and damage through the hardware of the spoken Cortex A5 that is integrated in the models - with the ability to disable mechanisms Security Of the processors as part of a malicious malicious firmware update. Given that these firmware updates have become easier and simpler than ever before, you can certainly imagine a situation in which we receive attempts to distribute such an offensive update under the guise of another application or extension.
On the face of it, it would be quite a challenge to exploit some of the breaches that have been discovered, but a similar statement can be made Most variations of Spectre and Meltdown - When this time too it is doubtful whether it will comfort the average consumer who does not specialize in the field, but is certainly afraid of the theoretical ability to harm his personal computers and gain access to his files and details. AMD Will have to provide a solution to the gaps, and there is a high chance that in this case too, a simple and standard program update will not suffice to close the cracks.
Question mark exposure?
Throughout the network, questions about the source of this comprehensive security problem began to arise almost immediately. The Israeli CTS Labs company is described as being established only a year ago and is located in Tel Aviv and includes only four employees, with no previous reports of loopholes Security In other systems and products.
Many (including factors inAMD Itself) expressed astonishment about the scope of its discovery and its documentation professionalism, which included a dedicated site, professional graphic descriptions with a logo and a corresponding name for each method, declarations to the media and channel videos YouTube Which opens a few days before exposure. There do not appear to be any claims about the very existence of the security issues, but there is certainly concern that the source behind the information may be a deliberate hand in tarnishing the chip developer's reputation - perhaps as part of an attempt to run the company's stock.
Now there seems to be a good reason to wait for the official responses from me AMD, To understand whether she accepts or rejects the allegations and accusations - and especially how she plans to act to correct the gaps and make sure that these do not recur in the family.RYZEN Upcoming 2000, and other products. Watch for updates.