TECH NEWS – Sinkclose affects AMD Ryzen and Epyc processors, so not only desktops but also servers could be affected.
It’s not uncommon for vulnerabilities to surface in processors that can be exploited by buggy code or an open loophole that allows hackers to steal your data. The situation with Sinkclose is a bit different, as this vulnerability has been present in AMD processors for over a decade (!) and was publicly demonstrated by security firm IOActive at the Defcon hacker conference.
According to Wired, intruders can run malicious code on “red” CPUs when the processors are in system management mode (when the firmware files needed to operate are available), but they need deeper access to an AMD-based PC or server to do so. To do this, they use a piece of malware called a bootkit. This goes undetected by antivirus software and removes the security of your system. “Imagine nation-state hackers or whoever wants to persist on your system. Even if you wipe your drive clean, it’s still going to be there. It’s going to be almost undetectable and almost unpatchable,” said Krzysztof Okupski.
The bootkit can be eliminated with a hardware-based programming tool, an SPI flash programmer, but it requires removing the side panel of your computer case and connecting it internally. AMD thanked the researchers for discovering the vulnerability and reporting it. They also released a list of affected processors (AMD Ryzen 3000 and later CPUs, and at least the first generation of Epyc server processors). The only unprotected product line remains the older Ryzen 3000 processor family based on the Zen 2 architecture.
If a BIOS update is coming in the near future, it’s worth installing it (it’s not that hard these days: just put the necessary files on a thumb drive and you can update from the BIOS with about two clicks), thus eliminating the potential problem. At least they don’t have a manufacturing and/or software bug that affects two generations (looking at you, Intel).
Leave a Reply