Detail

The bug was found in the chips’ base firmware, which allows the malware to infect the computer’s memory deeply by running code in the AMD processor’s privileged mode – system administration mode. Usually, this is a protected part of the firmware.

IOActive, the company behind the discovery, calls the vulnerability “Sinkclose.” It says it’s a flaw dates back to at least 2006 and it affects almost every AMD chip.

It was bad news, but there is good news. Despite being potentially catastrophic, this issue is unlikely to affect ordinary people. That’s because hackers would need deep access to an AMD-based PC or server to fully exploit the vulnerability. This would be a lot of work for the average home computer, but could cause problems for businesses and other large organizations.

This is particularly worrisome for governments and the organizations they work with. Theoretically, malicious code could be so deeply rooted in firmware that it would be nearly impossible to detect. In fact, the researchers say The code will most likely survive a full reinstall of the operating system.The best option for infected computers is a one-way ticket to the trash.

Imagine government hackers or anyone else who wants to access your system. Even if you wipe your drive, it will still be there. It will be almost impossible to detect, almost impossible to fix,
– says Krzysztof Okupski from IOActive.

After successful implementation, hackers will have full access to both monitoring activity and interfering with the operation of the infected computer.

What AMD says

AMD acknowledged the issue and said it had “issued mitigations” for its datacenter and Ryzen PC products, with “mitigations for AMD embedded products coming soon.” The company also published a full list of affected chips.

The company also highlighted how difficult it would be to exploit the vulnerability by comparing Sinkclose to accessing bank vaults; you’d need to bypass alarms, guards, vault doors, and other security measures.