Researchers have designed two types of attacks exploiting security vulnerabilities discovered in AMD processors produced between 2011 and 2019.
Researchers from partner universities, including the University of Rennes, discovered two vulnerabilities in the processors of the AMD founder. They concern all the chips produced between 2011 and 2019. In an article published by the University of Graz in Austria, the cosigners show how they designed two attacks jeopardizing the security of the data processed by the brand’s processors. Called Collide + Probe and Load + Reload, these two homemade creations allow you to get hold of sensitive information or degrade the processor security functions.
With these two attack vectors, it is the content of the L1D cache of the processor which is targeted. Codes are used to monitor how processes interact with the cache, and then collect small pieces of data being processed that come from active applications.
AMD seems to ignore the threat
The concern with this vulnerability is that it does not require physical access to the computer as is often the case for hardware vulnerabilities. JavaScript code via the cloud is used to carry out the attack. Javascript is the most popular language today, according to RedMonk’s ranking. Eleven million developers use this code for websites, web services, and mobile and desktop applications.
AMD has been aware of the existence of the faults since August. The company did not communicate anything on the subject and no corrective action has been deployed while the academics are providing leads to correct the situation. The other big problem for AMD is that this vulnerability should also affect the chips with the Zen 3 architecture of its future range of Ryzen 4000, engraved in 7 nm which will be released by the end of 2020.