Almost unfixable “Sinkclose” bug affects hundreds of millions of AMD chips


  • Staff

 Ars Technica:

Security flaws in your computer's firmware, the deep-seated code that loads first when you turn the machine on and controls even how its operating system boots up, have long been a target for hackers looking for a stealthy foothold. But only rarely does that kind of vulnerability appear not in the firmware of any particular computer maker, but in the chips found across hundreds of millions of PCs and servers. Now security researchers have found one such flaw that has persisted in AMD processors for decades, and that would allow malware to burrow deep enough into a computer's memory that, in many cases, it may be easier to discard a machine than to disinfect it.

At the Defcon hacker conference, Enrique Nissim and Krzysztof Okupski, researchers from the security firm IOActive, plan to present a vulnerability in AMD chips they're calling Sinkclose. The flaw would allow hackers to run their own code in one of the most privileged modes of an AMD processor, known as System Management Mode, designed to be reserved only for a specific, protected portion of its firmware. IOActive's researchers warn that it affects virtually all AMD chips dating back to 2006, or possibly even earlier.

Nissim and Okupski note that exploiting the bug would require hackers to already have obtained relatively deep access to an AMD-based PC or server, but that the Sinkclose flaw would then allow them to plant their malicious code far deeper still. In fact, for any machine with one of the vulnerable AMD chips, the IOActive researchers warn that an attacker could infect the computer with malware known as a “bootkit” that evades antivirus tools and is potentially invisible to the operating system, while offering a hacker full access to tamper with the machine and surveil its activity. For systems with certain faulty configurations in how a computer maker implemented AMD's security feature known as Platform Secure Boot—which the researchers warn encompasses the large majority of the systems they tested—a malware infection installed via Sinkclose could be harder yet to detect or remediate, they say, surviving even a reinstallation of the operating system.

“Imagine nation-state hackers or whoever wants to persist on your system. Even if you wipe your drive clean, it's still going to be there,” says Okupski. “It's going to be nearly undetectable and nearly unpatchable.” Only opening a computer's case, physically connecting directly to a certain portion of its memory chips with a hardware-based programming tool known as SPI Flash programmer and meticulously scouring the memory would allow the malware to be removed, Okupski says.

Nissim sums up that worst-case scenario in more practical terms: “You basically have to throw your computer away.”


 Read more:

 
so much for TPM, secure boot and any other measures then.
best of luck. Steve ..
 

My Computers

System One System Two

  • OS
    Win 11 Home 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP 24" AiO
    CPU
    Ryzen 7 5825u
    Motherboard
    HP
    Memory
    64GB DDR4 3200
    Graphics Card(s)
    Ryzen 7 5825u
    Sound Card
    RealTek
    Monitor(s) Displays
    24" HP
    Hard Drives
    1TB WD Blue SN580 M2 SSD Partitioned.
    250GB C:/Windows .. 750GB D:/Home.
    2x 1TB USB HDD External Backup/Storage.
    Internet Speed
    900MB full fibre
    Browser
    Vivaldi .. Browser, Calendar, eMail.
    Antivirus
    AVG Internet Security
    Other Info
    Mainly Open Source Software
  • Operating System
    Windows 11 Home 24H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP 24" AiO
    CPU
    Ryzen 5 5500u
    Motherboard
    HP
    Memory
    32GB DDR4 3200
    Graphics card(s)
    AMD Radeon GPU
    Sound Card
    RealTek
    Monitor(s) Displays
    HP
    Hard Drives
    1TB WD blue SN580 M2 SSD Partitioned.
    250GB C:/Windows .. 750GB D:/Home.
    2x 1TB HDD External Backup/Storage.
    Internet Speed
    900MB Full Fibre
    Browser
    Microsoft Edge
    Antivirus
    AVG Internet Security
    Other Info
    Mainly Windows Software
    'The Wife's Computer'
Yes, and the cpu in my desktop is not going to be patched. Too old, apparently.
Unfortunately, my desktop does everything I need, and upgrading now seems an unnecessary expense.
Reading more about this particular vulnerability, I see that malware will need kernel access to implement it, so good firewall and antivirus protection should prevent that happening - unless you are a target for Nation State operators who will have a selection of zero day methods to penetrate such protections.
 

My Computers

System One System Two

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Home built
    CPU
    Ryzen 3900x
    Motherboard
    Gigabyte Aorus Master x570 rel 1.0
    Memory
    32GB (2x16) @ 3600 MHz Corsair Vengeance LPX
    Graphics Card(s)
    Gigabyte Windforce RTX 2080
    Sound Card
    No separate sound card.
    Monitor(s) Displays
    Dell U2718Q
    Screen Resolution
    3840x2160
    Hard Drives
    1TB WD-Black SN850; 1TB Samsung Sata 850 Evo; 4 TB WD Blue Sata SA510 2.5''; 4TB Samsung Sata SSD 870 EVO 2.5".
    PSU
    Be Quiet Dark Power Pro 11 750W
    Case
    Lian Li PC-8FIB
    Cooling
    CPU: Noctua NH-U12A; Case: BeQuiet + Lian Li fans.
    Keyboard
    Steelseries Apex 7 brown keys.
    Mouse
    Logitech (wired) G403
    Internet Speed
    940 Mb/s down; 105 Mb/s up
    Browser
    Edge (Chromium)
    Antivirus
    Eset Internet Security
    Other Info
    Pioneer blu-ray optical drive.
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    Dell Inspiron 7373 2-in-1
    CPU
    Intel Core i7 8th Generation
    Motherboard
    Dell 0HG1FH (U3E1)
    Memory
    8GB DDR4
    Graphics card(s)
    Intel UHD Graphics 620 (Dell)
    Sound Card
    Realtek Audio (on motherboard)
    Monitor(s) Displays
    Touch screen generic monitor
    Screen Resolution
    1920x1080
    Hard Drives
    256GB Micron SATA SSD.
    Internet Speed
    400Mb/s (Wifi)
    Browser
    Edge Chromium
    Antivirus
    Eset Internet Security
    Other Info
    Dell says this system is not Windows 11 capable, but Microsoft seems happy with it.

Latest Support Threads

Latest Tutorials

Back
Top Bottom