Some of the top AMD chips are suffering a serious security flaw

According to the researchers’ technical paper, the AMD firmware-based Trusted Platform Module (fTPM/TPM) carries the flaw, which they dubbed “faulTPM”. The flaw could be compromised via a “voltage fault injection”, allowing malicious actors to potentially read the contents of apps that fully rely on TPM-based security such as BitLocker.

Acknowledging the flaw

To pull the feat off, the researchers bought off-the-shelf hardware for roughly $200, and targeted AMD’s Platform Security Processor (PSP) found in Zen 2 and Zen 3 chips (we don’t know if Zen 4 chips are vulnerable). They also need physical access to the target device for “several hours”, they said. 

Commenting on the news to Tom’s Hardware, AMD said it was aware of the report and is working to understand potential new threats: “AMD is aware of the research report attacking our firmware trusted platform module which appears to leverage related vulnerabilities previously discussed at ACM CCS 2021,” the company’s spokesperson told the publication. 

“This includes attacks carried out through physical means, typically outside the scope of processor architecture security mitigations. We are continually innovating new hardware-based protections in future products to limit the efficacy of these techniques. Specific to this paper, we are working to understand potential new threats and will update our customers and end-users as needed.” 

The publication also says that the papers released at ACM CCS 2021 discussed a glitching attack and did not use the attack vendor to compromise the TPM, which makes this research’s findings a novel cyberattack method.

More details can be found on this link.

• Here's our take on the best firewalls at the moment

Via: Tom's Hardware