AMD, a dangerous vulnerability discovered in Zen's Secure Processor

AMD, a dangerous vulnerability discovered in Zen's Secure Processor


A team of security researchers from Cornell University demonstrated the "proof of concept" of an attack on AMD's Secure Encrypted Virtualization (SEV) technology, using the AMD Secure Processor (AMD-SP) built into Zen to gain access complete to the system.

The technique requires physical access to the device and is based on a voltage modulation that allows a potential attacker to distribute a customized SEV firmware, which in turn would allow the decryption of all information related to the virtual machine (VM). The vulnerability is present in all iterations of Zen microarchitecture, from Zen 1 to Zen 3. Previously, both Zen 2 and Zen 3 were supposed to be free of any such vulnerabilities.

Credit: AMD The team was led by Robert Buhren, a researcher who has already demonstrated the existence of various flaws in IF V. The physical access requirement means that this vulnerability is not of particular interest to most mainstream users. However, the technique allows a user with access to a company's physical infrastructure hardware to execute malicious code that bypasses all of AMD's security mechanisms. This vulnerability stands on its own in the sense that the voltage modulation attack is not based on any other existing exploit.

The fact that the AMD Secure Processor (basically an ARM-based CPU integrated into AMD's Zen design) was the target of this exploit is a huge blow to the company, as AMD-SP is was specifically designed to protect customers from such attacks. This is of particular concern for cloud-based environments, as it means that companies running their services through instances offered by a particular provider must not only trust the provider themselves, but also their technicians (regardless of whether they are subcontracted or not. ). This is definitely bad news for AMD, which is trying to gain ever greater shares in the server and data center market.

Are you looking for a good motherboard to pair with the new Ryzen processors? ASUS ROG Strix X570-F with 14 power phases might be a good choice. You can find it on Amazon at a good price.

AMD hardware security tricks can be bypassed with a shock of electricity

Academics researchers have demonstrated a successful attack strategy to get around the protections provided by AMDs famed Secure Encrypted Virtualization (SEV) technology.

AMD SEV leverages the AMD Secure Processor (AMD-SP) to separate security-sensitive operations from software executing elsewhere in order to safeguard virtual machines (VM) in untrusted environments.

Researchers from Technische Universität (TU) Berlin's Security in Telecommunications group, describe how they succeeded in mounting a voltage fault injection attack, in a paper aptly titled 'One Glitch to Rule Them All: Fault Injection Attacks Against AMD’s Secure Encrypted Virtualization' 

A successful attack enables the perpetrator to execute custom payloads on the AMD-SP that ships with all AMD SEV processors currently in the market, including Naples (Zen 1), Rome (Zen 2), and Milan (Zen 3).

According to The Register’s parsing of the paper, the bypass technique involves manipulating the input voltage to AMD systems on a chip (SoC), in order to induce an error in the read-only memory (ROM) bootloader of the AMD-SP.

Notably, the attack relies on cheap, off-the-shelf components, including a $30 Teensy µController, and a $12 flash programmer. 

However, to attack can’t be executed remotely and needs physical access to the server. An AMD spokesperson also flagged this fact when contacted by The Register, rendering any real-world implications of the vulnerability moot, unlike earlier vulnerabilities.

In addition to highlighting the issue, the researchers also suggested a couple of mitigations. One reportedly involves modifying software or hardware to detect voltage modulation, while the other involves the addition of additional circuitry to defend against voltage glitches.

Via The Register