![]() This may cause data from another process and/or thread to be stored in the YMM register, which may allow an attacker to potentially access sensitive information.” The fact that it can steal data from virtual machines is especially worrying, given the fact that it affects AMD EPYC CPUs that run in data centers.ĪMD deemed Zenbleed to be of medium severity, describing the flaw as follows: “Under specific microarchitectural circumstances, a register in “Zen 2” CPUs may not be written to 0 correctly. This attack affects every kind of software that’s running on the processor, including virtual machines and sandboxes. Zenbleed exploits a flaw in Zen 2 chips to extract data at a rate of 30kb per core, so the better the processor, the faster the extraction. However, productivity applications take a hit during many workloads, with performance drops ranging from 1% to 16% depending on the software. Gamers remain virtually unaffected, so you can rest easy if you use your CPU inside a gaming PC. Tom’s Hardware tried the software solution in order to see just how badly performance can be affected by a possible fix, and the news isn’t great, but it could also be worse. If you have an AMD GPU, stay away from the latest Windows UpdateĪMD FSR (FidelityFX Super Resolution): everything you need to know Specific to this paper, we are working to understand potential new threats and will update our customers and end-users as needed.AMD’s new anti-lag tech could land you with a ban in games The spokesman added, "We are continually innovating new hardware-based protections in future products to limit the efficacy of these techniques. This includes attacks carried out through physical means, typically outside the scope of processor architecture security mitigations." "Applications relying exclusively on the TPM are left entirely unprotected," Jacob said, "while those employing multiple layers of defense face the loss of their TPM-based security layer." Materials used to undertake such attacks are inexpensive and easily available, he added.Īn AMD spokesman, responding to an inquiry from Tom's Hardware, said, "AMD is aware of the research report attacking our firmware trusted platform module which appears to leverage related vulnerabilities previously discussed at ACM CCS 2021. Jacob said his team believes their findings are "the first attack against Full Disk Encryption solutions backed by an fTPM." He said systems relying on a single defense mechanism, such as Bitlocker's TPM-only protector, can be overwhelmed by hackers who can gain access to a CPU for two or three hours. In the wake of skyrocketing firmware attacks-phishing, ransomware, supply chain-Microsoft in 2021 required users to have a PC supporting TPM in order to install Widows 11.Īt that time, director of enterprise and OS security at Microsoft David Weston explained the reason for the move was "to protect encryption keys, user credentials, and other sensitive data behind a hardware barrier so that malware and attackers can't access or tamper with that data."Īs a result, many applications that underwent redesign to accommodate TPM 2.0 specifications are now vulnerable to hacking. Jacob said that while discrete TPMs are still used in higher-end systems, fTPMs have proven to be convenient, more affordable alternatives for use in CPUs. The fTPM was designed to incorporate encryption duties inside the chip, thus making a separate component, a potential entryway to hackers, unnecessary. ![]() But the bus was vulnerable, providing an entryway for hackers targeting the CPU. They required an external bus to connect with the CPU. TPMs originally were designed as discrete components physically attached to the motherboard to generate hardware-based encryption. One method of attack utilizes a voltage fault injection that tricks Zen 2 and Zen 3 CPUs into accepting false data that can be used to compromise any application or encryption process exclusively using TPM security. ![]() This allows for extraction of cryptographic data stored in the fTPM, bypassing authentication barriers such as Platform Configuration Register validation and defenses against brute force attacks on passphrases.Īttacking a system's Trusted Execution Environment (TEE) "can lead to a full TPM state compromise," Hans Niklas Jacob warned in a paper, titled "faulTPM: Exposing AMD fTPMs' Deepest Secrets" and released last week on the arXiv preprint server. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |