1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • AMD hardware security tricks can be bypassed with a shock of elec

    From TechnologyDaily@1337:1/100 to All on Fri Aug 13 15:45:04 2021
    AMD hardware security tricks can be bypassed with a shock of electricity

    Date:
    Fri, 13 Aug 2021 14:26:45 +0000

    Description:
    Researchers override the hardware security mechanisms in AMD Zen processors with a very precise jolt of electricity.

    FULL STORY ======================================================================

    Academics researchers have demonstrated a successful attack strategy to get around the protections provided by AMD s famed Secure Encrypted
    Virtualization (SEV) technology.

    AMD SEV leverages the AMD Secure Processor (AMD-SP) to separate security-sensitive operations from software executing elsewhere in order to safeguard virtual machines ( VM ) in untrusted environments.

    Researchers from Technische Universitt (TU) Berlin's Security in Telecommunications group, describe how they succeeded in mounting a voltage fault injection attack, in a paper aptly titled "One Glitch to Rule Them All: Fault Injection Attacks Against AMDs Secure Encrypted Virtualization" Protect your devices with these best antivirus software These are the best ransomware protection tools Here's our choice of the best malware removal software on
    the market

    A successful attack enables the perpetrator to execute custom payloads on the AMD-SP that ships with all AMD SEV processors currently in the market, including Naples (Zen 1), Rome (Zen 2), and Milan (Zen 3). Rude shock

    According to The Register s parsing of the paper, the bypass technique involves manipulating the input voltage to AMD systems on a chip ( SoC ), in order to induce an error in the read-only memory (ROM) bootloader of the AMD-SP.

    Notably, the attack relies on cheap, off-the-shelf components, including a
    $30 Teensy Controller, and a $12 flash programmer.

    However, to attack cant be executed remotely and needs physical access to the server. An AMD spokesperson also flagged this fact when contacted by The Register , rendering any real-world implications of the vulnerability moot, unlike earlier vulnerabilities .

    In addition to highlighting the issue, the researchers also suggested a
    couple of mitigations. One reportedly involves modifying software or hardware to detect voltage modulation, while the other involves the addition of additional circuitry to defend against voltage glitches. Take a look at our list of the best virtual machine software in 2021

    Via The Register



    ======================================================================
    Link to news story: https://www.techradar.com/news/amd-hardware-security-tricks-can-be-bypassed-wi th-a-shock-of-electricity/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)