An international team of researchers led by KU Leuven has discovered a vulnerability in AMD processors. AMD has since fixed the problem.
AMD processors for cloud servers were found to be vulnerable to manipulations in memory communication. This was discovered by researchers from KU Leuven in collaboration with the universities of Birmingham and Lübeck. Using a technique the researchers call “BadRAM,” the researchers managed to bypass the built-in security in the AMD processors. The chip manufacturer was informed months ago and the problem was fixed.
read also
KU Leuven exposes vulnerability in AMD processors
Misleading communication
KU Leuven researchers have succeeded before in discovering vulnerabilities in widespread IT infrastructure. They have, for example, already uncovered vulnerabilities in Intel processors. This time, the researchers set their sights on major rival AMD and also changed their methods by focusing on the communication between chip and memory.
The researchers discovered that communication through theSerial Presence Detect (SPD) chip allows manipulations. This chip informs the processor of available memory at startup. Using the BadRAM technique, the researchers misled the processor, making it appear that more memory was available than was actually the case
This gave them access to stored data and the ability to overwrite it. This allowed them to bypass Secure Encrypted Virtualization technology, which is supposed to protect sensitive data. AMD was informed of the problem in February, after which updates were developed and rolled out by cloud providers. As a result, there are no longer any risks for end users.
Competition over safety
The researchers fear it won’t be the last time they discover things that aren’t right in Intel and AMD’s technology. Both companies are engaged in fierce competition with AMD nibbling bit by bit at Intel’s market share . Professor Jo Van Bulck warns that in an effort to maintain momentum, security is dropping down the priority list.
read also
KU Leuven exposes vulnerability in AMD processors
“The increased competition between AMD and Intel does not always seem to benefit the security of their systems. Both companies have begun to place increasing emphasis on speed and usability, which is obviously commercially appealing. As cybersecurity researchers, our job is to critically evaluate the latest technologies and expose security risks that often lie behind these speed gains,” Van Bulck said.