Unpatchable, Attack Costs $200: AMD Zen 2/3 Processor Vulnerability Exposed
News from IT House on May 3: network security experts from the Technical University of Berlin recently released a report claiming that a vulnerability in the Trusted Platform Module (TPM) on AMD platforms allows full access to encrypted data through a malicious TPM short-circuit attack.
This means that hackers can completely compromise any application or encryption that relies exclusively on the TPM, including BitLocker and password management tools.
The researchers report that the vulnerability exists on the Platform Security Processor (PSP) in Zen 2 and Zen 3 processors, but the report does not mention whether Zen 4 also has the vulnerability.
The researchers published the code and a list of the equipment needed for the attack on GitHub. The equipment costs about $200 (IT Home note: currently about 1384 yuan), and the entire cracking process takes “several hours”.
The experts used a test laptop from Lenovo and physically connected their equipment to its power supply, BIOS SPI chip, and SVI2 bus (power management interface). The attack targets the PSP security coprocessor present in Zen 2 and Zen 3 processors to obtain data that allows decryption of objects stored in the TPM. The researchers successfully extracted the “key”.
By default, BitLocker uses only the TPM mechanism to store keys, but users can set a PIN that works together with the TPM-based mechanism. This provides multiple layers of protection, but these PINs are not enabled by default and are vulnerable to brute-force attacks.
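To see which volumes on a Windows machine rely on the TPM alone, as described above, the following PowerShell audit lists each BitLocker volume's key protectors. It is an added example, not code from the researchers or from the original article; the function name Get-TpmProtectorClass is hypothetical, and the CPU check only reports the vendor, not whether the part is Zen 2 or Zen 3.

```powershell
# Added example: report BitLocker volumes whose key is released by the TPM alone.
# Run in an elevated PowerShell session on a Windows machine with BitLocker.

function Get-TpmProtectorClass {
    # Hypothetical helper: classifies a volume from its key protector type names.
    param([string[]]$ProtectorTypes)

    # A plain 'Tpm' protector unlocks the volume with no user-supplied factor.
    if ($ProtectorTypes -contains 'Tpm') { return 'TPM only' }

    # Combined types start with 'Tpm' and add a second factor (for example TpmPin).
    if ($ProtectorTypes | Where-Object { $_ -like 'Tpm?*' }) {
        return 'TPM plus additional factor'
    }
    return 'No TPM protector'
}

# Vendor string only; this does not identify the processor generation.
$cpu   = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
$isAmd = $cpu.Manufacturer -eq 'AuthenticAMD'

$report = Get-BitLockerVolume | ForEach-Object {
    # Collect the protector type names for this volume (may be empty).
    $types = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    [pscustomobject]@{
        MountPoint       = $_.MountPoint
        VolumeType       = $_.VolumeType
        ProtectionStatus = $_.ProtectionStatus
        Protectors       = $types -join ', '
        TpmClass         = Get-TpmProtectorClass -ProtectorTypes $types
        AmdCpu           = $isAmd
    }
}

$report | Format-Table -AutoSize

# Volumes that match the default configuration the article describes.
$tpmOnly = @($report | Where-Object { $_.TpmClass -eq 'TPM only' })
if ($tpmOnly.Count -gt 0) {
    Write-Warning ("{0} volume(s) use a TPM-only protector: {1}" -f `
        $tpmOnly.Count, ($tpmOnly.MountPoint -join ', '))
}
```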
Intel processors are not affected, and AMD sent Tom’s Hardware the following statement:
AMD has learned from this Trusted Platform Module research report that it appears to exploit related vulnerabilities previously discussed at ACM CCS 2021.
This requires an attack by physical means, usually outside the scope of processor architecture security mitigations.
We are continually innovating new hardware-based protections in future products to limit the efficacy of these technologies.
We are working hard to understand potential new threats and will provide updates to our customers and end users in a timely manner.