DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
July 20, 2019 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 167 people online.

 

Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
 

Follow us
RSS
 

Flaw found in Trusted Platform Module of AMD CPUs

Posted on Saturday, January 06 2018 @ 18:59:28 CET by


AMD logo
Google security researcher Cfir Cohen dicovered a vulnerability in the fTMP of AMD's Platform Security Processor (PSP). This is a hidden layer that runs on AMD processors, similar to Intel's controversial Management Engine.

While the flaw enables nasty stuff, the risk to the average user is very low as attackers need physical access to the motherboard to modify the SPI-Flash:
In an email to The Register, Dino Dai Zovi, cofounder and CTO of security biz Capsule8, said the vulnerability isn't quite subject to remote execution "since the crafted certificate that exploits the vulnerability needs to be written to NVRAM, the attacker must already have privileged access to the host or physical access. It would let an attacker bypass secure/trusted boot, which is performed by the TPM."

An AMD spokesperson told The Register that an attacker would first have to gain access to the motherboard and then modify SPI-Flash before the issue could be exploited. But given those conditions, the attacker would have access to the information protected by the TPM, such as cryptographic keys.
The Register has more details over here. An update to resolve this vulnerability will be issued later this month.



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba