The page you are looking for is temporarily unavailable.
Please try again later

Technology Researchers find 'critical' security flaws in AMD chips

15:22  14 march  2018
15:22  14 march  2018 Source:   afprelaxnews.com

Why so many diamonds are making science headlines this week

  Why so many diamonds are making science headlines this week They’re windows into the heart of the Earth. A diamond found in South Africa's Cullinan Mine. Researchers found an inclusion in a diamond like this that contains evidence of activity in the heart of the planet. Diamonds have been in the news quite a lot this week, and not because of any celebrity engagement news. Instead, it’s what’s inside that counts.

Generic: Detail of network computers in futuristic server room, blue light - supercomputer Network Server, Technology, Abstract, Futuristic, Control Room© Provided by AFPRelaxNews Generic: Detail of network computers in futuristic server room, blue light - supercomputer Network Server, Technology, Abstract, Futuristic, Control Room Security researchers said Tuesday they discovered flaws in chips made by Advanced Micro Devices that could allow hackers to take over computers and networks.

Israeli-based security firm CTS Labs published its research showing "multiple critical security vulnerabilities and exploitable manufacturer backdoors" in AMD chips.

Loading...

Load Error

CTS itemized 13 flaws, saying they "have the potential to put organizations at significantly increased risk of cyberattacks."

MIT gadget puts multiple artificial organs into a paperback-sized connected system

  MIT gadget puts multiple artificial organs into a paperback-sized connected system If you want to see how a proposed drug affects human physiology, your options are limited — and usually you end up using mice, which are in many ways poor analogues. What's a pharmacologist to do? MIT researchers have a solution: a "body on a chip" thatAnyone can understand the problem, which is simply that mice aren't humans, and tests on them are necessarily limited. There exist quite a few "organ on a chip" platforms (more properly "microphysiological systems), and while they're useful, organs don't exist in isolation — they're part of complex systems that vary from person to person.

The report comes weeks after Intel disclosed similar hardware-based flaws dubbed Meltdown and Spectre, sparking widespread computer security concerns and a congressional inquiry.

CTS said the newly discovered flaws could compromise AMD's new chips that handle applications in the enterprise, industrial and aerospace sectors, as well as consumer products.

In a 20-page white paper, the researchers said the AMD Secure Processor, the gatekeeper responsible for the security of AMD processors, contains "critical vulnerabilities" that "could allow malicious actors to permanently install malicious code inside the Secure Processor itself."

"These vulnerabilities could expose AMD customers to industrial espionage that is virtually undetectable by most security solutions," the researchers said.

Google: Android is just as secure as the other guys

  Google: Android is just as secure as the other guys After years of big security gaps, Google says the phones it powers are now as hard to hack as iPhones. It wants to make sure you know that.In 2015, we learned that Google's operating system for phones was vulnerable to the StageFright bug, which hackers could exploit just by sending a text message. In 2016, security researchers revealed that millions of Android phones were infected with malicious software called HummingBad, which hackers used to generate bogus ad revenue. In 2017, documents revealed by Wikileaks showed that the CIA had developed malicious software for Android phones.

CTS said AMD's Ryzen chipset, which AMD outsourced to a Taiwanese chip manufacturer, ASMedia, "is currently being shipped with exploitable manufacturer backdoors inside."

This could allow attackers "to inject malicious code into the chip" and create "an ideal target" for hackers, the researchers said.

"CTS believes that networks that contain AMD computers are at a considerable risk," the report said.

"The vulnerabilities we have discovered allow bad actors who infiltrated the network to persist in it, surviving computer reboots and reinstallations of the operating system.

"This allows attackers to engage in persistent, virtually undetectable espionage, buried deep in the system."

AMD, one of the largest semiconductor firms specializing in processors for PCs and servers, said it was studying the latest report.

"At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise," the California-based company said in a statement.

"We are investigating this report, which we just received, to understand the methodology and merit of the findings."

Analysts at the security firm enSilo said the AMD flaws could be worse than those affecting Intel chips.

"The impact of these vulnerabilities is more severe than Meltdown/Spectre as it allows an attacker to execute highly privileged code and persist on the victim machine," enSilo said in a blog post.

Additionally, some of the flaws may be nearly impossible to patch.

"We estimate that without patches from AMD, protection against the vulnerabilities can be limited at best," enSilo researchers said. "The best protection is to block malware that attempts to leverage these vulnerabilities."

AMD vows to fix newly-disclosed processor vulnerabilities .
Semiconductor company AMD has finally acknowledged there's a problem with its Platform Security Processor. The announcement comes against a wider backdrop of controversy involving responsible disclosure. When researchers find vulnerabilities in products they typically give companies 90 days to respond -- sometimes even longer, depending on the seriousness of the flaw in question. Google gave Intel around 200 days to fix Meltdown and Spectre before revealing them to the public, for example. The idea, of course, is to give companies an opportunity to get a fix out there before nefarious individuals find a way to capitalize on the vulnerability themselves.

—   Share news in the SOC. Networks

Topical videos:

This is interesting!