Oopsy!

Notable quote:

“It’s going to be nearly undetectable and nearly unpatchable.” Only opening a computer’s case, physically connecting directly to a certain portion of its memory chips with a hardware-based programming tool known as SPI Flash programmer and meticulously scouring the memory would allow the malware to be removed, Okupski says.

Let’s hope a microcode or BIOS update can prevent it from happening in the first place.

Original source:

https://info.defcon.org/event/?id=54863

Relevant links:

https://ioactive.com/event/def-con-talk-amd-sinkclose-universal-ring-2-privilege-escalation/

https://www.youtube.com/watch?v=xSp38lFQeRE

https://www.youtube.com/watch?v=lR0nh-TdpVg&t=2s

https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/

(I found the Bleeping Computer article more informative and concise than the Wired one.)

Similar vulnerability threat as the Intel ME bug. Annoying for security-critical applications where you start worrying about hardware security, but virtually no real-world threat. Might be useful for users wishing to disable security processors though.

who is naming this shit

More “cybersecurity” clickbait with red/blue/green images of processors and skulls. That’s the real “infection”

Requires kernel-level access. Also AMD is “releasing mitigations,” so is it “unfixable?”