
FaulTPM, a vulnerability that affects AMD Zen 2 and Zen 3 processors

May 3, 2023

Bad news for users of AMD processors with Zen 2 and Zen 3 architectures, because the FaulTPM finding points to a vulnerability that is not remotely exploitable and requires no less than half an hour of full physical access to the attacked system. That reduces its overall level of danger, although it still poses a problem for any computer that is physically accessible to a potential attacker with the knowledge needed to exploit this security flaw.

FaulTPM was discovered and documented by a group of researchers from the Technical University of Berlin, who published a paper titled “faulTPM: Revealing the Deepest Secrets of AMD fTPM”. The paper leaves nothing out: it fully reveals the nature of the flaw and the steps an attacker must take to exploit it. With this information public, all the conditions exist for it to be misused for malicious purposes, which is a wake-up call for both users and administrators of Zen 2 and Zen 3-based computers (the report does not mention Zen 4, so we can understand that AMD's latest architecture is not exposed to FaulTPM).

As we can quickly deduce from its name, FaulTPM affects the TPM (Trusted Platform Module) of the system, a component that became very important after Microsoft made it a basic technical requirement for any system that wanted to upgrade to Windows 11. This is not the first time we have encountered a security problem related to this module. About two years ago we told you that a bad implementation of the chip could compromise its contents, and much more recently, a few months ago, we learned of two vulnerabilities that once again compromised its security.

In this case, the vulnerability is exploited through voltage fault injection, which causes the compromised system's unique CPU key to be exposed. With that key, the attacker can later access all the keys stored in the security chip, compromising access to the system and to any application or service within it (such as corporate tools) that bases its security on this module.

As the report reveals, the first phase of the attack requires about 30 minutes; this operation can be done manually, but it can also be automated. In the second phase, the attacker makes several attack attempts to determine the last parameter needed to gain full access and thus be able to deliver a payload to the compromised system that exploits the vulnerability. From that point on, all content stored and/or encrypted by the fTPM is fully accessible to the attacker.
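To make the consequence described above concrete, here is a toy model of a firmware-TPM key hierarchy. It is an added illustration, not code from this article, from the faulTPM paper or from AMD, and its derivation and sealing scheme is a constructed simplification rather than AMD's actual fTPM design. It shows why every secret wrapped under a single chip-unique root key is recoverable once that root key leaks, and why a secret the chip does not hold (a user PIN or passphrase folded into the wrapping key) limits the damage.

```python
"""Toy fTPM key hierarchy (constructed example, not AMD's design).

Every stored secret is sealed under a key derived from one chip-unique root
secret. An attacker who extracts the root secret can therefore unseal all of
them. Mixing a user-held secret into the wrapping key means the root secret
alone is no longer sufficient.
"""
import hashlib
import hmac
import os
from typing import Dict, Optional


def derive_key(parent: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 key derivation: child key = HMAC(parent, label)."""
    return hmac.new(parent, label, hashlib.sha256).digest()


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (toy cipher, illustration only)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC 'sealing': nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the key does not verify the blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))


def wrapping_key(root_secret: bytes, label: str, pin: Optional[bytes]) -> bytes:
    """Per-secret wrapping key. Without a PIN it depends on the root secret only;
    with a PIN the user-held value is folded in, so the root secret alone is
    not enough to reconstruct it."""
    key = derive_key(root_secret, label.encode())
    if pin is not None:
        key = derive_key(key, hashlib.sha256(pin).digest())
    return key


def build_store(root_secret: bytes, secrets_by_label: Dict[str, bytes],
                pin: Optional[bytes] = None) -> Dict[str, bytes]:
    """Seal each secret under its wrapping key, as the module would store it."""
    return {label: seal(wrapping_key(root_secret, label, pin), secret)
            for label, secret in secrets_by_label.items()}


def recover_all(root_secret: bytes, store: Dict[str, bytes],
                pin: Optional[bytes] = None) -> Dict[str, Optional[bytes]]:
    """What a party holding the root secret (and optionally the PIN) can unseal.
    Entries that cannot be opened come back as None."""
    return {label: unseal(wrapping_key(root_secret, label, pin), blob)
            for label, blob in store.items()}


if __name__ == "__main__":
    # Constructed values: a fake chip-unique root secret and two sealed secrets.
    ROOT = bytes.fromhex("11" * 32)
    secrets = {"disk-encryption-key": b"DISK-KEY", "vpn-credential": b"VPN-CRED"}

    plain_store = build_store(ROOT, secrets)
    print("root secret only, no PIN:", recover_all(ROOT, plain_store))

    pin_store = build_store(ROOT, secrets, pin=b"correct horse battery staple")
    print("root secret only, PIN-protected:", recover_all(ROOT, pin_store))
    print("root secret plus PIN:", recover_all(ROOT, pin_store, pin=b"correct horse battery staple"))
```

Running the module prints the full plaintexts for the PIN-less store once the root secret is known, and None for every PIN-protected entry until the PIN is also supplied. The caveat a practitioner should keep in mind: once the root secret has been extracted, a short numeric PIN can be brute-forced offline against the stored blobs, so only a high-entropy passphrase meaningfully raises the bar.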

AMD responded to Tom’s Hardware regarding FaulTPM and stated the following:

«AMD is aware of a research report on an attack on our Trusted Platform Module firmware that appears to exploit related vulnerabilities previously addressed in ACM CCS 2021. This involves attacks performed by physical means, typically outside the security scope of the processor architecture. We are constantly innovating new hardware protections in future products to limit the effectiveness of these techniques. With regard to this document specifically, we are working to understand potential new threats and will notify our customers and end users if necessary.»

Source: Muy Computer
