Some of the top AMD chips are suffering a serious security flaw

A novel flaw can be used to read sensitive content on AMD Zen chips


Cybersecurity researchers from the Technical University of Berlin have discovered a flaw in some AMD hardware that might allow threat actors to read sensitive, encrypted content from the endpoint.

The feasibility of the method is questionable though, as it requires physical access to the device for several hours in order to be fully leveraged.

According to the researchers’ technical paper, the AMD firmware-based Trusted Platform Module (fTPM/TPM) carries the flaw, which they dubbed “faulTPM”. The flaw could be compromised via a “voltage fault injection”, allowing malicious actors to potentially read the contents of apps that fully rely on TPM-based security such as BitLocker.

Acknowledging the flaw

To pull the feat off, the researchers bought off-the-shelf hardware for roughly $200, and targeted AMD’s Platform Security Processor (PSP) found in Zen 2 and Zen 3 chips (we don’t know if Zen 4 chips are vulnerable). They also need physical access to the target device for “several hours”, they said.
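The report names AMD's firmware TPM on Zen 2 and Zen 3 as the affected component, so the first thing a defender wants to know is whether a given machine's TPM is an AMD firmware TPM at all. The following is an added example, not code from the article or from the researchers' paper: it parses the fixed-property listing that the Linux `tpm2_getcap properties-fixed` command prints and decodes the TCG manufacturer ID. The two sample listings are constructed for this example (the raw values other than the manufacturer IDs are made up), and the check only tells you that the TPM is AMD's implementation; it says nothing about which Zen generation the host is or whether the attack applies to it.

```python
import re

# Constructed sample of `tpm2_getcap properties-fixed` output from an AMD
# firmware TPM. Only the manufacturer ID follows the real TCG encoding
# ("AMD\0" = 0x414D4400); the other values are placeholders for the example.
SAMPLE_FTPM_OUTPUT = """\
TPM2_PT_FAMILY_INDICATOR:
  raw: 0x322E3000
  value: "2.0"
TPM2_PT_MANUFACTURER:
  raw: 0x414D4400
  value: "AMD"
TPM2_PT_FIRMWARE_VERSION_1:
  raw: 0x3005F
"""

# Constructed sample from a discrete TPM by another vendor ("IFX\0" = 0x49465800).
SAMPLE_DISCRETE_OUTPUT = """\
TPM2_PT_FAMILY_INDICATOR:
  raw: 0x322E3000
  value: "2.0"
TPM2_PT_MANUFACTURER:
  raw: 0x49465800
  value: "IFX"
"""


def parse_fixed_properties(text):
    """Turn the 'NAME:' / '  raw: 0x..' / '  value: ".."' blocks into a dict.

    raw fields are decoded to int, value fields keep their string content.
    """
    props = {}
    current = None
    for line in text.splitlines():
        header = re.match(r"^(TPM2_PT_\w+):\s*$", line)
        if header:
            current = header.group(1)
            props[current] = {}
            continue
        field = re.match(r"^\s+(raw|value):\s*(.+)$", line)
        if field and current is not None:
            key, val = field.groups()
            props[current][key] = int(val, 16) if key == "raw" else val.strip().strip('"')
    return props


def manufacturer_from_raw(raw):
    """Decode the 4-byte big-endian TCG vendor ID into its ASCII tag (0x414D4400 -> 'AMD')."""
    return raw.to_bytes(4, "big").rstrip(b"\x00").decode("ascii", errors="replace").strip()


def is_amd_tpm(text):
    """True when the manufacturer property identifies AMD's TPM implementation."""
    manufacturer = parse_fixed_properties(text).get("TPM2_PT_MANUFACTURER", {})
    tag = manufacturer.get("value") or manufacturer_from_raw(manufacturer.get("raw", 0))
    return tag.strip() == "AMD"


if __name__ == "__main__":
    for name, sample in (("fTPM host", SAMPLE_FTPM_OUTPUT), ("discrete host", SAMPLE_DISCRETE_OUTPUT)):
        print(f"{name}: AMD TPM = {is_amd_tpm(sample)}")
```

On a real host, feed it the live output (`tpm2_getcap properties-fixed`) instead of the embedded samples; on Windows the equivalent field is `ManufacturerIdTxt` from `Get-Tpm`. The `value` line is preferred when present and the raw ID is decoded only as a fallback, so the check still works on tool versions that print just the hex.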

Commenting on the news to Tom’s Hardware, AMD said it was aware of the report and is working to understand potential new threats: “AMD is aware of the research report attacking our firmware trusted platform module which appears to leverage related vulnerabilities previously discussed at ACM CCS 2021,” the company’s spokesperson told the publication.

“This includes attacks carried out through physical means, typically outside the scope of processor architecture security mitigations. We are continually innovating new hardware-based protections in future products to limit the efficacy of these techniques. Specific to this paper, we are working to understand potential new threats and will update our customers and end-users as needed.”

The publication also says that the papers presented at ACM CCS 2021 discussed a glitching attack but did not use that attack vector to compromise the TPM, which makes this research’s findings a novel cyberattack method.

More details can be found on this link.

Via: Tom’s Hardware

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
