Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Some of the top AMD chips are suffering a serious security flaw

AMD Ryzen 5 7600X processor

Cybersecurity researchers from the Technical University of Berlin have discovered a flaw in some AMD hardware that might allow threat actors to read sensitive, encrypted content from the endpoint

The feasibility of the method is questionable though, as it requires physical access to the device for several hours in order to be fully leveraged. 

According to the researchers’ technical paper, the AMD firmware-based Trusted Platform Module (fTPM/TPM) carries the flaw, which they dubbed “faulTPM”. The flaw could be compromised via a “voltage fault injection”, allowing malicious actors to potentially read the contents of apps that fully rely on TPM-based security such as BitLocker.

Acknowledging the flaw

To pull the feat off, the researchers bought off-the-shelf hardware for roughly $200, and targeted AMD’s Platform Security Processor (PSP) found in Zen 2 and Zen 3 chips (we don’t know if Zen 4 chips are vulnerable). They also need physical access to the target device for “several hours”, they said. 

Commenting on the news to Tom’s Hardware, AMD said it was aware of the report and is working to understand potential new threats: “AMD is aware of the research report attacking our firmware trusted platform module which appears to leverage related vulnerabilities previously discussed at ACM CCS 2021,” the company’s spokesperson told the publication. 

“This includes attacks carried out through physical means, typically outside the scope of processor architecture security mitigations. We are continually innovating new hardware-based protections in future products to limit the efficacy of these techniques. Specific to this paper, we are working to understand potential new threats and will update our customers and end-users as needed.” 

The publication also says that the papers released at ACM CCS 2021 discussed a glitching attack and did not use the attack vendor to compromise the TPM, which makes this research’s findings a novel cyberattack method.

More details can be found on this link.

Via: Tom's Hardware

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.