AMD chips have a vulnerability that allows virtually unfixable infections
Security experts Enrique Nissim and Krzysztof Okupski from IOActive have uncovered a significant vulnerability in AMD processors. The flaw, dubbed 'Sinkclose,' potentially impacts all AMD chips manufactured since 2006 or even earlier. The researchers caution that this vulnerability could allow an attacker to infect a computer with a 'bootkit' malware, which can evade antivirus software and remain undetected by the operating system. What's worrying is that in many cases, it might be easier to discard an infected machine than disinfect it.
Exploitation of the 'Sinkclose' flaw requires deep access
Exploiting the 'Sinkclose' flaw requires that hackers have substantial access to an AMD-based PC or server. Once they gain this level of access, they can embed their malicious code even deeper into the computer's memory. This security loophole could enable cybercriminals to infiltrate the most secure sections of a computer and execute their own code within the System Management Mode of an AMD chip.
It can lead to persistent system infections
The 'Sinkclose' flaw poses a significant threat as it can lead to persistent system infections. Okupski warns, "Imagine nation-state hackers or whoever wants to persist on your system. Even if you wipe your drive clean, it's still going to be there." He further claimed that the malware could be removed only by physically connecting an SPI Flash programmer directly to a certain portion of the computer's memory chips and meticulously scouring the memory.
AMD's response to the issue
In response to IOActive's findings, AMD has issued mitigation options for its EPYC datacenter and Ryzen PC products. The company plans to release similar measures for its embedded products soon. Despite acknowledging the severity of the 'Sinkclose' flaw, AMD emphasizes that exploiting it is not easy. The firm likens this technique to accessing a bank's safe-deposit boxes after already bypassing its alarms, guards, and vault door.
Researchers urge users to patch their systems promptly
Nissim and Okupski discovered the 'Sinkclose' technique by exploiting an obscure facility of AMD chips known as TClose. They alerted AMD about this flaw in October last year, giving the company nearly 10 months to develop a fix. Despite attempts by AMD or others to downplay 'Sinkclose' as too difficult to exploit, the researchers strongly recommend that users patch their systems immediately. Nissim warns, "If the foundation is broken, then the security for the whole system is broken."