AMD With Major Security Flaw. Millions at Risk
Got an AMD processor? Well, you’ve got a problem too. The latest security flaw, dubbed “Sinkclose,” allows an attacker to take over a computer in an undetectable way.
Enrique Nissim and Krzysztof Okupski with IOActive discovered a security flaw that applies to virtually all AMD processors released since 2006. It allows an attacker to deeply infiltrate a system, making it extremely difficult to detect or remove the malware.
Sinkclose is undetectable by antivirus programs
The Sinkclose flaw allows code to be executed in AMD’s System Management Mode (SMM), a highly privileged area typically reserved for critical firmware operations. However, to exploit it, an attacker must first gain access to the system kernel.
Once that security boundary has been compromised, installing bootkit software is a mere formality. Standard antivirus applications cannot detect or remove the malware, and even reinstalling the system won’t help. Removal requires physically connecting a hardware programmer to the motherboard’s memory.
The flaw exploits a feature in AMD processors known as TClose, which is designed to maintain compatibility with older devices. By manipulating this feature, researchers at IOActive were able to run their own code at the SMM level. The method is complex, but it gives attackers deep and persistent control over the system.
Enrique Nissim and Krzysztof Okupski discovered the vulnerability 10 months ago, but it will only now be publicly presented at the upcoming Defcon conference. AMD was informed first so that it had time to react and fix the problem. A special patch has already been released for some CPUs, including EPYC server and Ryzen consumer processors. However, it does not cover all systems yet.