Security Hole in AMD CPUs’ Hidden Secure Processor Code Revealed Ahead of Patches

Megalith

There is a security flaw affecting AMD's Platform Security Processor (PSP), which is an integrated coprocessor comparable to Intel’s Management Engine. Luckily, AMD has already addressed the issue, and a patch is scheduled for release later this month.

Unlike some CPUs, the PSP doesn't implement common exploit mitigation techniques such as stack cookies, No-eXecute (NX) flags, or address space layout randomization (ASLR), making exploitation trivial. Cohen's post described the vulnerability as a remote code execution flaw. However, physical access is a prerequisite.
 
remote code execution flaw.
However, physical access is a prerequisite.

 
Means that something must be installed by a user to expose the remote execution flaw... still a flaw tho.
 
Means that something must be installed by a user to expose the remote execution flaw... still a flaw tho.

the likely said program is a virus, but it is implemented by the user doing stupid things, this will likely be a torrenter's type issue. It also seems superfluous to spectre and meltdown.
 
Means that something must be installed by a user to expose the remote execution flaw... still a flaw tho.

the likely said program is a virus, but it is implemented by the user doing stupid things, this will likely be a torrenter's type issue. It also seems superfluous to spectre and meltdown.
It's even harder than that.
From the article linked in the OP:

An AMD spokesperson told The Register that an attacker would first have to gain access to the motherboard and then modify SPI-Flash before the issue could be exploited. But given those conditions, the attacker would have access to the information protected by the TPM, such as cryptographic keys.

Bold emphasis is mine.
 
If it can't work without physical access and modification 1st then the remote exploit isn't all that remote to say the least which was his point.

That it requires that level of intrusion to be effective first makes this exploit an incredibly low risk one as well unlike what the more typical connotation of what "remote exploit" would be.
 
If you’ve got physical access there are other exploits like the USB exploit.
 
If it can't work without physical access and modification 1st then the remote exploit isn't all that remote to say the least which was his point.

That it requires that level of intrusion to be effective first makes this exploit an incredibly low risk one as well unlike what the more typical connotation of what "remote exploit" would be.
sarcasm appears to be lost :) re-read my 1st post (while I finish making a meme)
 
If you have physical access, it's already game over.

Well - No crap. There are just varying levels of sophistication and an exploit like this allows for more covert actions beyond just a dongle sticking out the back.
 
this pales to spectre and meltdown. I'm still fairly skeptical AMD is completely impervious to spectre.
 
Intel shills unite! Ahh, I’m sure there will be lots of shit like this being levelled at AMD in the near future. We can’t have all that bad press to ourselves, can we Intel?

However, if this is what it takes to get those NSA mandated backdoors removed from consumer devices, then so much the better.

There are lots more of this kind of stuff to come... We need another Snowden paper to show us what the US gov has installed on our computers, both in software, and hardware.
 
this pales to spectre and meltdown. I'm still fairly skeptical AMD is completely impervious to spectre.
Don’t forget about ME. And AMD already have a patch, unlike the vast majority of Intel consumer devices that will never be patched.

But I have to admit that the waters seem a little muddy around this whole thing when it comes to AMD CPUs.
 
"please install this firmware, so that we can hack your AMD x86....thank you" sadly there are people retarded enough to do that. It seems like a lot of work to break into AMD security, much easier to just realtime break into an Intel x86 without all the trouble of needing someone to do something stupid.
 
Don’t forget about ME. And AMD already have a patch, unlike the vast majority of Intel consumer devices that will never be patched.

But I have to admit that the waters seem a little muddy around this whole thing when it comes to AMD CPUs.

It's pure speculation but I have some real doubts that anything is secure at all if you know where to look.
 
Seriously, what the hell, if you have access you have access... I guess it's a problem if you are thinking about an employee that wants to put in place shit that will screw you over or something like that? But isn't that ALWAYS an issue?
 
Hah wow, this time I didn't read the freaking article, I went by the usual wording of physical access prerequisite for a remote exploit.... this is seriously a non-issue for just about most of everyone even.

If this is the best mud that they can sling to AMD then it just means that AMD has done an amazing job in every front...
 
Hah wow, this time I didn't read the freaking article, I went by the usual wording of physical access prerequisite for a remote exploit.... this is seriously a non-issue for just about most of everyone even.

If this is the best mud that they can sling to AMD then it just means that AMD has done an amazing job in every front...

It is the case I said all along, Intel apologists are trying to deflect attention elsewhere, so they pick a hypothetical where a person has broken into the system already through some kind of hack or backdoor virus or the user installs special decrypting BIOS updates from a dodgy source that breaks the security feature, like this is worse than just about anyone waltzing real time and taking whatever they want remotely.
 
Not sure why the insistence on saying Intel's ME and AMD's trusted zone whatever are some kind of 'same shit different company'.. granted, I don't know nearly enough, but what I could read about both led me to understand they are significantly different.. different enough that you shouldn't really mix them as if interchangeable. If I'm right AMD needs to combat that shit ASAP.
 
this pales to spectre and meltdown. I'm still fairly skeptical AMD is completely impervious to spectre.

Because your scepticism is based on what exactly? I have seen some baseless claims even in the Intel thread on the Intel forum that does not mean that many of us are not in a position to judge what is going on.

But guess what is linked here:
https://www.hardocp.com/news/2018/0...rusts_lisa_sus_commitment_to_amd_cpu_security

You can bet that Torvalds is not prone to influence one way or another.
 
There is a security flaw affecting AMD's Platform Security Processor (PSP), which is an integrated coprocessor comparable to Intel’s Management Engine. Luckily, AMD has already addressed the issue, and a patch is scheduled for release later this month.

Unlike some CPUs, the PSP doesn't implement common exploit mitigation techniques such as stack cookies, No-eXecute (NX) flags, or address space layout randomization (ASLR), making exploitation trivial. Cohen's post described the vulnerability as a remote code execution flaw. However, physical access is a prerequisite.

Comparing the PSP to IME would amount to the same general conclusion that the sun, the earth and the moon are also about the same since they are all spherical.
 
All AMD and Intel CPUs have a remote exploit.....I can break in and steal the entire PC.
 