Security holes in your computer’s firmware, the hard-wired code that loads first when you turn on your machine and even determines how the operating system boots, have long been a target for hackers looking for a stealthy foothold. But rarely does that kind of vulnerability appear not in a specific computer manufacturer’s firmware but in the chips inside hundreds of millions of PCs and servers. Now, security researchers have found such a hole, in AMD processors for decades, that could allow malware to burrow deeply enough into a computer’s memory that, in many cases, it would be easier to trash a machine than it was to disinfect it.
At the Defcon hacker conference, Enrique Nissim and Krzysztof Okupski, researchers at security firm IOActive, plan to present a vulnerability in AMD chips they’re calling Sinkclose. The flaw would allow hackers to execute their own code in one of AMD processors’ most privileged modes, known as System Management Mode, which is designed to be reserved only for a specific, protected part of the firmware. The IOActive researchers warn that the flaw affects virtually all AMD chips dating back to 2006, and possibly even earlier.
Nissim and Okupski note that exploiting the bug would require hackers to have relatively deep access to an AMD-based PC or server, but the Sinkclose flaw would then allow them to plant their malicious code much deeper. In fact, the IOActive researchers warn that for any machine with one of the vulnerable AMD chips, an attacker could infect the computer with malware known as a “bootkit” that would bypass antivirus programs and potentially be invisible to the operating system, while giving a hacker full access to manipulate the machine and monitor its activity. For systems with certain misconfigurations in the way a computer manufacturer has implemented AMD's security feature known as Platform Secure Boot (which the researchers warn includes the vast majority of systems they tested), a malware infection installed via Sinkclose could be even harder to detect or fix, they say, and could even survive a reinstall of the operating system.
“Imagine if hackers from nation states or whoever wanted to stay on your system, even if you wiped your drive completely, it’s still there,” Okupski says. “It’s almost undetectable and almost unpatchable.” Only by opening the computer’s case, physically connecting directly to a specific part of the memory chips with a hardware-based programming tool known as an SPI Flash programmer, and meticulously searching the memory can the malware be removed, Okupski says.
Nissim sums up that worst-case scenario in more practical terms: “You essentially have to throw your computer away.”
In a statement shared with WIRED, AMD acknowledged IOActive's findings, thanked the researchers for their work, and noted that it “has released mitigation options for its AMD EPYC datacenter products and AMD Ryzen PC products, with mitigations for AMD embedded products coming soon.” (The term “embedded” in this case refers to AMD chips found in systems such as industrial equipment and automobiles.) For its EPYC processors, which are designed specifically for use in datacenter servers, the company noted that it released patches earlier this year. AMD declined to answer questions in advance about how it plans to patch the Sinkclose vulnerability, or for which devices and when exactly, but it pointed to a full list of affected products available on the security bulletin page of its website.