
Vulnerability in AMD Ryzen processors

Xserces ::

So now information about "critical" security holes has surfaced for AMD Ryzen processors as well. LINK

The holes
-Master key
When a device starts up, it typically goes through a "Secure Boot." It uses your processor to check that nothing on your computer has been tampered with, and only launches trusted programs.

The Master Key vulnerability gets around this start-up check by installing malware on the computer's BIOS, part of the computer's system that controls how it starts up. Once it's infected, Master Key allows an attacker to install malware on the Secure Processor itself, meaning they would have complete control of what programs are allowed to run during the start-up process.

From there, the vulnerability also allows attackers to disable security features on the processor.

-Ryzenfall
This vulnerability specifically affects AMD's Ryzen chips, and would allow malware to completely take over the secure processor.

That would mean being able to access protected data, including encryption keys and passwords. These are regions on the processor that a normal attacker would not be able to access, according to the researchers.

If an attacker can bypass the Windows Defender Credential Guard, it would mean they could use the stolen data to spread across to other computers within that network. Credential Guard is a feature for Windows 10 Enterprise, which stores your sensitive data in a protected section of the operating system that normally can't be accessed.

"The Windows Credentials Guard is very effective at protecting passwords on a machine and not allowing them to spread around," Luk-Zilberman said. "The attack makes spreading through the network much easier."

-Fallout
Like Ryzenfall, Fallout also allows attackers to access protected data sections, including Credential Guard. But this vulnerability only affects devices using AMD's EPYC secure processor. In December, Microsoft announced a partnership with for its Azure Cloud servers using AMD's EPYC processor.

"Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. Our standard policy is to provide solutions via our current Update Tuesday schedule," a Microsoft spokesperson said.

These chips are used for data centers and cloud servers, connecting computers used by industries around the world. If an attacker used the vulnerabilities described in Fallout, they could use it to steal all the credentials stored and spread across the network.

"These network credentials are stored in a segregated virtual machine where it can't be accessed by standard hacking tools," said CTS-Labs CEO Ido Li On. "What happens with Fallout, is that this segregation between virtual machines are broken."

Segregated virtual machines are portions of your computer's memory split off from the rest of the device. Researchers use it to test out malware without infecting the rest of their computer. Think of it like a virtual computer inside your computer.

On Credential Guard, the sensitive data is stored there, and protected so that if your computer were infected by normal malware, it wouldn't be able to access it.

-Chimera
Chimera comes from two different vulnerabilities, one in its firmware and one in its hardware.

The Ryzen chipset itself allows for malware to run on it. Because WiFi, network and Bluetooth traffic flows through the chipset, an attacker could use that to infect your device, the researchers said. In a proof-of-concept demonstration, the researchers said it was possible to install a keylogger through the chipset. Keyloggers would allow an attacker to see everything typed on an infected computer.

The chipset's firmware issues mean that an attack can install malware onto the processor itself.

"What we discovered is what we believe are very basic mistakes in the code," Uri Farkas, CTS-Labs's vice president of research and design said.
Intel i5-3570k @4.7GHz|MSI GTX 970 4G|MSI Z77 MPower|
G. Skill 8 GB 1600MHz|Corsair AX750|Seagate Barracuda 2TB|NZXT Gamma|

pegasus ::

Yawn. Get back to me when they figure out how to steal the AES keys for SME.

Dr_M ::

Small and Medium Enterprises? Significant Military Equipment?
The reason why most of society hates conservatives and
loves liberals is because conservatives hurt you with
the truth and liberals comfort you with lies.

pegasus ::

Secure Memory Encryption. Let them show how secure it really is, if at all.

filip007 ::

Ryzen laptops are the most secure, you just have to disable the PSP in the BIOS.
Playstation.

jukoz ::

filip007 wrote:

Ryzen laptops are the most secure, you just have to disable the PSP in the BIOS.


Is there anything new about disabling the PSP? Before the new year there was talk that it can be disabled on some Asrock(?) boards. Is there any more reliable information?

FireSnake ::

What stands out is that they gave AMD 24 hours.
Google gave Intel 6 months.

And this:

Based on the latest available information, wccftech.com now believes that the publication of this whitepaper may have been financially motivated and in fact used as a tool for stock price manipulation.


Source.


This, though, smells fishy to me:

Can It Be Fixed?

CTS Labs claims that Ryzenfall, Masterkey and Fallout can be fixed via firmware updates, but could take several months for those fixes to be delivered. Chimera on the other hand reportedly can't be fixed directly because it's a hardware issue but can be addressed with a workaround. Although, CTS Labs alleges this may produce side effects and could prove difficult to achieve.


How do they know EXACTLY what can be fixed and what can't?
Nobody knows the architecture in that much detail.
Intel had 6 months and they're still scrambling. Google knew nothing about the fixes.

This will have an interesting outcome yet.
"In The Sound Of Silence Time Is Standing Still"
Look, and smile ----> www.vicmaher.si ;)


FireSnake ::

The Low-down On Bizarre AMD Security Exploit Saga - You Will Want To Read This

The article will continue to be updated.

From the source:

Something incredibly peculiar has happened in the past few hours: we saw a report published, that on first glance claimed to reveal 13 spectre-level flaws and would have struck a massive blow to AMD; but as more information started surfacing it quickly became apparent that nothing is as it seems.

FireSnake ::


So are those flaws real? Yes probably, but not as severe as CTSLabs/Viceroy Research would have you believe and certainly not on the same level as Spectre/Meltdown


Further:

An additional data point which is material but was umm, skimmed over by the CTS-Labs team is that according to their own report - all exploits require admin rights to work. Which makes them a lot more tame than if it was something that could be done without. If a malicious agent had admin rights to your server, a backdoor would probably be the least of your concerns - everything on that server is already compromised. In other words, these exploits can only work on an already-compromised server.



Bottom line: the whole thing is heavily overblown and has a financial background.
Which doesn't mean it doesn't need to be fixed.


Ahim ::

Everything listed above holds for practically any system where additional code can be injected (code that executes before the OS boots, or runs under the OS at a level where it has access to "everything", as e.g. drivers do). Put differently, everything listed also holds for all systems with Intel processors for the entire ~30 years that the combination of processors supporting "protected mode" and OSes running in "protected mode" has existed. For the remaining 10 years before that, it is of course entirely pointless to debate, because any code could roam anywhere in the address space without any obstacles and do evil things anyway.

Anyway ... I hope the short sellers who published this nonsense end up in jail, or at least lose so much money that they stay bums for the rest of their miserable lives, since they tried to squeeze that money out of other investors through manipulation.

FireSnake ::

Some people are analyzing them nicely.

At the same time these clowns admit that they are shorting AMD stock:



If you have access to the computer and if you have admin rights and if you flash the BIOS and if you install malware .... then these things come into play.

The whole thing is a bad joke.

Ahim ::

FireSnake wrote:

The whole thing is a bad joke.

For those who lose money because of this, it won't exactly be a joke ...

FireSnake ::

I believe it.
That they'll have to sort out in court :D

FireSnake ::


AMD Confirms CTS-Labs Exploits: All To Be Patched In Weeks

The important part, and we've already talked about this:

It's important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings. Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research.


The full table. Everything will be sorted out with new BIOSes

Had they stuck to the 90-day window, we wouldn't be reading this "news" at all.

Bottom line: these jokers overblew these "vulnerabilities".

D3m ::

Profited from them, in other words.
|Lenovo E575|A6-9500B|
|Lenovo A10|Mediatek MT8121|

FireSnake ::

They didn't manage to profit, because they shorted the stock.
But the stock didn't fall as much as they had expected :D

And now AMD will file a request for an investigation into manipulation of the stock :D

Although: it would suit me if it fell a bit more, because I sold mine at 12,55.
And I'd like to stock up again (at a local minimum).

D3m ::

They are currently at 11,11.

FireSnake ::

Yes, I'll slowly start stocking up on them.
Last time my average purchase price was 11.1.