AMD Epyc CPUs have a flaw that exposes the Secure Processor under virtualization
Click here to post a comment for AMD Epyc CPUs have a flaw that exposes the Secure Processor under virtualization on our message forum
Kaarme
Astyanax
exploits that require physical access and electrical modification of the part aren't exploits at all.
Vtech
"Physical access to hardware is required."
Someone call Tom Cruise:
https://www.christies.com/media-library/images/features/articles/2015/07/30/mainimage.jpg
GSDragoon
schmidtbag
This is kind of like saying iris/retinal scanners aren't secure because you can spoon out the eye of someone who has access and show that to the camera. Sure, it's not failproof, but I'm sure even AMD themselves could have told you "if you modify the motherboard and intercept the sensor with your own chip, you can circumvent the security". There are much simpler and less error-prone ways to hack a computer you have physical access to.
Seems to me it's just overriding the voltage sensor; I don't think it would brick anything, so long as you didn't screw it up.
Commoner
Physical presence needed.
Meh
waltc3
Can't imagine why this is a "flaw"...if that's all they could find then the CPUs are practically invulnerable from remote attack, which is the desired state...;) If you have physical access to a machine then everything there becomes vulnerable.
Airbud
https://static1.hotcarsimages.com/wordpress/wp-content/uploads/2018/04/cheater_car-copy.jpg
I knew I should have rented that secure garage....:D
Yea, kind of like saying my car was fine before she physically touched it.
tsunami231
This is getting stupid all this firms look for ways
Silva
anticupidon
Physical direct access to the computer running corporate software is a security breach in itself.
Wondering how this news would be received from Intel. Would people react the same or worse?
I mean, no chip manufacturer is anyone's friend. An vulnerability is a vulnerability.
But we should take the information with some precautions and some salt.
I wonder if anyone managed to get inside a data center or a real server room.
Leaving Hollywood and crappy movies aside, things aren't so simple to get even to the door.
Dazz
TBH if you need physical access, it's been approved by upper management under a change order request it's been recorded and the person has been vetted to be allowed access to the data centre and is on CCTV, the car is recorded timestamp is recorded. If you managed to get through all that any hardware is vulnerable with a long log of when you got to site what's been done, how long what was done and the list goes on and on. With some data centres, you are also escorted by security, the amount of paperwork that's required typically takes a lot longer to do than what actually needs to be done everything is scrutinised. Besides, 99.999999% of hackers will not physically put themselves in such a position, they would rather do it without being seen let alone leaving a long paper trail.
MonstroMart
Dazz
Alessio1989