Slashdot Mirror
Researchers Point Out 'Theoretical' Security Flaws In AMD's Upcoming Zen CPU (bleepingcomputer.com)
An anonymous reader writes from a report via BleepingComputer: The security protocol that governs how virtual machines share data on a host system powered by AMD Zen processors has been found to be insecure, at least in theory, according to two German researchers. The technology, called Secure Encrypted Virtualization (SEV), is designed to encrypt parts of the memory shared by different virtual machines on cloud servers. AMD, who plans to ship SEV with its upcoming line of Zen processors, has published the technical documentation for the SEV technology this past April. The German researchers have analyzed the design of SEV, using this public documentation, and said they managed to identify three attack channels, which work, at least in theory.
[In a technical paper released over the past weekend, the researchers described their attacks:] "We show how a malicious hypervisor can force the guest to perform arbitrary read and write operations on protected memory. We describe how to completely disable any SEV memory protection configured by the tenant. We implement a replay attack that uses captured login data to gain access to the target system by solely exploiting resource management features of a hypervisor." AMD is scheduled to ship SEV with the Zen processor line in the first quarter of 2017.
[In a technical paper released over the past weekend, the researchers described their attacks:] "We show how a malicious hypervisor can force the guest to perform arbitrary read and write operations on protected memory. We describe how to completely disable any SEV memory protection configured by the tenant. We implement a replay attack that uses captured login data to gain access to the target system by solely exploiting resource management features of a hypervisor." AMD is scheduled to ship SEV with the Zen processor line in the first quarter of 2017.
I only read the abstract, but once you use the words 'malicious hypervisor', I figure it's game over. I know that AMD is touting this SEV as a solution, but there's no way you are going to convince me that the thing that controls the nature of my VM's reality isn't capable of getting and controlling everything that VM has.
A thousand pounds of wood moving at 300 feet per minute. Don't get in the way.
This is simply paid Intel FUD against their only competitor in the x86 space. All Intel chips have ring 0 and higher vulnerabilities- which is why Windows and Linux machines can be 'pwned' so easily in competitions that offer rewards to hackers who can breach fully patched x86 machines. All of Intel's so-called unhackable private memory space hardware functions have been shown to be utterly useless against informed attacks.
And worse, Intel (and AMD) have NSA and GCHQ back-doors in their CPUs that operate above ring 0 using chip internal resources that no external security program can lock-down. And what the NSA knows, Israel government agents know. And what Israel knows, criminal tribe members in the Ukraine and other East European crime cesspits know.
No 'magic' hardware in any of your CPUs is going to make your computer safe from hacking. Saying otherwise is simple markeding puffery from Intel and AMD. But saying that AMD is 'broken' without reporting the fact that so is Intel- thanks to the NSA- is simple pro-Intel advertising.
1. Needs a malicious hypervisor. If you trust your critical data/systems on a VM that us under a hypervisor you do not control, well you deserve what is coming to you. This is no different than someone having physical access to your hardware, all bets are off.
2. Regular consumers are not going to care about this or have to worry about it.
If the price/performance of this family pans out as promised, it will get foothold in the server market and HPC market. Both will find ways to secure against this -or own their own metal-. Plus there are plenty of uses that run bare metal.
Are we sure this wasn't an Intel funded FUD study?
Silence is a state of mime.
Wouldn't one of the attacks simply be: $5 wrench attack against a microcode engineer?
(If you thought hacking an entire datacenter or hacking an entire operating system was bad.... Try hacking ALL INTEL or ALL AMD cpus..... pretty crazy.)
You mean, something like Intel IME? Already there, in your CPU. I'm for one using an old AMD (Phenom 2) but I see no upgrade path at the moment. AMD's version of the backdoor is less vicious (no path from the network card) but not nice either.
There's no outright proof of Intel CPUs being backdoored, but they made a number of very weird design choices that make absolutely no sense when the purpose is anything but hiding a backdoor. So let's think who gets the keys.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
This new CPU has a security feature with a theoretical security flaw that at its worst will only make things as bad as they already are right now.
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }