AMD Processor Flaw Discovered - Physical Acces Required To Exploit

[GhostShip]

This story is really a bit of an anti climax of hype compared to the real Intel disaster.

https://www.theregister.co.uk/2018/01/06/amd_cpu_psp_flaw/

Cfir Cohen, a security researcher from Google's cloud security team, on Wednesday disclosed a vulnerability in the fTMP of AMD's Platform Security Processor (PSP), which resides on its 64-bit x86 processors and provides administrative functions similar to the Management Engine in Intel chipsets.

Cohen's post described the vulnerability as remote code execution flaw. However, physical access is a prerequisite.

In an email to The Register, Dino Dai Zovi, cofounder and CTO of security biz Capsule8, said the vulnerability isn't quite subject to remote execution "since the crafted certificate that exploits the vulnerability needs to be written to NVRAM, the attacker must already have privileged access to the host or physical access. It would let an attacker bypass secure/trusted boot, which is performed by the TPM."

An AMD spokesperson told The Register that an attacker would first have to gain access to the motherboard and then modify SPI-Flash before the issue could be exploited..

I am wondering why the Google researcher is making the false claim of remote acess given there no such access by default on anyones AMD machine, perhaps he has Intel shares.

[Pri]

I think their fear here is that servers using AMD's EPYC could be intercepted on route to customers (which the NSA / CIA are known to do as per the Snowden leaks) and then implant their own firmware. Once that's done they could then remote the servers.

The risk to us as consumers is low, unless you use the services of a company that had their servers tampered with on route to delivery. I also believe the PSP in AMD's systems can be deactivated on some consumer boards since a recent BIOS update.