Researchers at IOActive have discovered a critical vulnerability in AMD processors that allows attackers to plant virtually unremovable malware. The issue affects millions of computers and servers worldwide, Wired reports.
The vulnerability, dubbed Sinkclose, lies in the System Management Mode (SMM) of AMD processors. SMM is a highly privileged CPU mode, more privileged than the operating system kernel or a hypervisor, reserved for critical firmware functions. By changing the SMM configuration, an attacker can use Sinkclose to inject malicious code into the deepest layers of firmware, where it is virtually impossible to detect and remove.
Enrique Nissim and Krzysztof Okupski of IOActive, who discovered the vulnerability, plan to detail it at the upcoming Defcon hacker conference tomorrow. According to them, Sinkclose affects almost all AMD processors manufactured since 2006, and possibly earlier.
The researchers warn that an attacker would first need a certain level of access to an AMD-based computer or server to exploit the vulnerability, but Sinkclose would then let them embed malware far deeper than that initial access allows. On most tested systems that improperly implemented the Platform Secure Boot security feature, malware installed via Sinkclose would be virtually impossible to detect and remove, even after reinstalling the operating system.
“Imagine if hackers from the secret service or someone else wanted to gain a foothold in your system. Even if you completely wiped the hard drive, the virus would still be there,” says Okupski. According to him, the only way to remove such an implant is to physically connect an SPI flash programmer to the flash chip that stores the firmware and thoroughly inspect its contents. “In the worst case, you’ll just have to throw the computer away,” Nissim concludes.
In a statement to Wired, AMD confirmed IOActive’s discovery, thanking the researchers and reporting that it has already released fixes for EPYC and Ryzen processors, with patches for embedded systems coming soon. However, AMD did not disclose details about how exactly the Sinkclose vulnerability will be fixed or for which devices.
At the same time, AMD emphasizes that the vulnerability is difficult to exploit, since an attacker must already have kernel-level access to the operating system in order to use it. Nissim and Okupski counter that, for experienced attackers, obtaining such access is not a serious obstacle given the steady stream of kernel bugs found in Windows and Linux.
The researchers warn that, although the details of the exploit will not be made public at the Defcon presentation, experienced attackers may be able to work out how the technique operates, so users are advised to install AMD’s patches as soon as they become available.