Researchers from security firm IOActive warn that a major flaw in AMD processor firmware could give attackers access to deep control over a computer, leading to "unfixable" infections. Firmware is a type of software that helps the hardware to run as expected, essentially making this "software for hardware" a major target for hackers who want near-complete control over your PC.
As reported by Wired , the "sinkclose" flaw in AMD's firmware exists in almost every AMD chip since 2006 and presents a significant threat under the right conditions. If hackers did gain access to your laptop via the Sinkclose vulnerability, researchers indicated that "You would basically have to throw your computer away."
IOActive researchers Enrique Nissim and Krzysztof Okupski identified the flaw, referring to the vulnerable AMD chips as "Sinkclose." The duo plans to present the vulnerability in the AMD chipsets on August 10 at the Defcon hacker conference in Las Vegas, Nevada.
Laptop Mag contacted AMD for further comment on Sinkclose but did not receive a response in time for publication.
What does the "Sinkclose" flaw do?
The firmware vulnerability identified by Nissim and Okupski would allow hackers to run their own code in AMD's System Management Mode, which is intended to run the processor's firmware. This "Sinkclose" vulnerability would allow an attacker to infect the computer with a "bootkit" type of malware that targets the Master Boot Record. Bootkit malware can evade antivirus software and is potentially invisible to the operating system.
A hacker must have already gained access to a PC or server to exploit the System Management Mode controls, which is one reason AMD is downplaying the concern. In a background statement to Wired, AMD company compared the Sinkclose method to "accessing a bank's safe-deposit boxes after already bypassing its alarms, the guards, and vault door."
However, the vulnerability would allow a hacker such deep control of a PC that it would be functionally impossible to salvage it, and the vulnerability affects nearly all AMD chips manufactured since 2006, if not earlier. So while hackers would only likely attempt this on high-value targets, it should not be completely ignored.
AMD has acknowledged IOActive's findings in a statement to Wired , noting that the company had released mitigation options for the "Sinkclose" flaw in EPYC server processors and Ryzen consumer processors and that the vulnerability has been patched out of the EPYC server CPUs earlier this year.
AMD has released a list of all affected processors on its security page , including the Ryzen 3000 through 7000 series for laptop owners.
What this means for you
Unfortunately, because the vulnerability lies in AMD's firmware, users can only wait for a firmware update to patch it. As most affected systems will be Windows machines, those firmware updates will likely be rolled into future Windows system updates.
Once those patches become available, any AMD PC owner should install the updates immediately.
More from Laptop Mag
Most Popular
Comments / 0