Question: AMD Security Vulnerability APU "SMM Callout"

aigomorla

CPU, Cases&Cooling Mod PC Gaming Mod Elite Member
Super Moderator
Sep 28, 2005
Welp, told you guys.
Make something popular, give it time, and it will be hacked.
People and AI are too smart these days; nothing is unhackable, it's just unprofitable until it becomes profitable.


The three bugs, which AMD refers to as "SMM Callout," allow attackers to take control over the UEFI firmware of AMD CPUs, and inherently of the entire computer.

I just hope whatever patches come out won't be as bad as Spectre, as that really hurt NVMe performance on the Intel chips that were affected.
 

aigomorla

CPU, Cases&Cooling Mod PC Gaming Mod Elite Member
Super Moderator
Sep 28, 2005
Well, AMD came back, so the profitable comes into place.
Is this another media hysteria or something serious for the average Joe?

To be honest I do not think there are enough mission-critical AMD APU systems out there for one to worry about.
But if some hacker was bored and randomly started hacking and found one, a full takeover of the UEFI can be disastrous on biblical levels, as UEFI basically controls everything down to VCORE / RAM voltage; essentially they could nuke your PC.
 

DrMrLordX

Lifer
Apr 27, 2000
Taking control of the UEFI will in some cases result in your board becoming effectively bricked. If all the UEFI flash controls get wiped out, only a dual UEFI will save you, and that's assuming the h4x0r doesn't get both of them.
 

itsmydamnation

Platinum Member
Feb 6, 2011

The targeted attack described in the research requires privileged physical or administrative access to a system based on select AMD notebook or embedded processors. If this level of access is acquired, an attacker could potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system.

Nothing to see here, move along; after you have already been completely owned we will own you a little more.
 

VirtualLarry

No Lifer
Aug 25, 2001
The targeted attack described in the research requires privileged physical or administrative access to a system based on select AMD notebook or embedded processors. If this level of access is acquired, an attacker could potentially manipulate the AMD Generic Encapsulated Software Architecture (AGESA) to execute arbitrary code undetected by the operating system.


Guess that just means that "black bag" jobs are still in the budget...
 

DrMrLordX

Lifer
Apr 27, 2000
Nothing to see here, move along; after you have already been completely owned we will own you a little more.

It just means the system is totally unrecoverable once it's infected. It's a useless (read: insecure) system no matter what you do, unless you physically pull the UEFI ROM and replace it.
 

Kenmitch

Diamond Member
Oct 10, 1999

aigomorla

CPU, Cases&Cooling Mod PC Gaming Mod Elite Member
Super Moderator
Sep 28, 2005
Repost



I thought all the security vulnerability related posts went into the master sticky thread?

Oh, Tom's had it too... I saw it hit on my Google News through ZDNet.

And no, that sticky to my knowledge only applies to Intel Spectre.
This AMD one should have its own thread, and not be hidden under 73 pages of Spectre.
 

Kenmitch

Diamond Member
Oct 10, 1999
And no, that sticky to my knowledge only applies to Intel Spectre.
This AMD one should have its own thread, and not be hidden under 73 pages of Spectre.

Doesn't matter to me either way, but there are many non-Spectre/Meltdown exploits buried in that thread. Would it be better if we created a new thread for each one of them?
 

aigomorla

CPU, Cases&Cooling Mod PC Gaming Mod Elite Member
Super Moderator
Sep 28, 2005
Would it be better if we created a new thread for each one of them?

I think it would be, as people don't really constantly update reading through stickies.
Stickies are mostly read once and then forgotten, I feel, unless you want to pull archived info out of them again.
So each vulnerability, I feel, should have a new thread to address people and give them a heads up.
 

ondma

Platinum Member
Mar 18, 2018
I think it would be, as people don't really constantly update reading through stickies.
Stickies are mostly read once and then forgotten, I feel, unless you want to pull archived info out of them again.
So each vulnerability, I feel, should have a new thread to address people and give them a heads up.
I agree. Never thought the Intel vulnerabilities should have been made a sticky in the first place, but some posters argued strongly for it.
 

aigomorla

CPU, Cases&Cooling Mod PC Gaming Mod Elite Member
Super Moderator
Sep 28, 2005
I agree. Never thought the Intel vulnerabilities should have been made a sticky in the first place, but some posters argued strongly for it.

Well, one thing I can say for sure is a UEFI hack is way more dangerous than Spectre / Meltdown.
But again, it only affects APUs, which I do not think anyone in their right mind would use in a mission-critical environment, unlike an EPYC or Threadripper, or even a hardcore popular Twitch streamer.
 

DrMrLordX

Lifer
Apr 27, 2000
Well, one thing I can say for sure is a UEFI hack is way more dangerous than Spectre / Meltdown.
But again, it only affects APUs, which I do not think anyone in their right mind would use in a mission-critical environment, unlike an EPYC or Threadripper, or even a hardcore popular Twitch streamer.

I think the fear is that corporate systems with APUs might be vulnerable. Some CFO or whoever clicks a bogus link, gets pwned, and IT tries to do a factory reset/reinstall only for the system to get pwned again because the UEFI is corrupt. Eventually the pwned system spreads the malware to another machine where maybe it can snarf up some credentials with a keylogger.

Fortunately this is patched/going to be patched. We'll just have to see how much the patch hurts performance on Renoir systems, if at all.
 

RetroZombie

Senior member
Nov 5, 2019
Well, one thing I can say for sure is a UEFI hack is way more dangerous than Spectre / Meltdown.
Completely disagree. It's a UEFI hack that requires admin access to the machine.

Since all new motherboards sold come with the box open, how sure are you that on the trip it takes from the foundry until it gets into your hands, someone didn't flash an evil UEFI BIOS onto it?

Meltdown could compromise servers you access and then your desktop machine without any admin access needed.
 

aigomorla

CPU, Cases&Cooling Mod PC Gaming Mod Elite Member
Super Moderator
Sep 28, 2005
Completely disagree. It's a UEFI hack that requires admin access to the machine.

Which non-mission-critical machine do you know of where people put passwords on the BIOS?
Even among all of my current machines I do not have a single one with a BIOS password.

Again, I have said it's not mission critical, but like DrMrLordX states, a lower-end user who usually does not password-lock their UEFI can run into a mishap.

And you cannot tell me, in any right sense of mind, that a UEFI takeover is not more dangerous than Spectre / Meltdown.
A UEFI takeover can literally nuke your PC through overvoltage on both the CPU and RAM, which can ultimately lead to you BRICKING your entire PC.
 

RetroZombie

Senior member
Nov 5, 2019
And you cannot tell me, in any right sense of mind, that a UEFI takeover is not more dangerous than Spectre / Meltdown.
A UEFI takeover can literally nuke your PC through overvoltage
Spectre and Meltdown don't require the UEFI takeover.
If your BIOS is compromised, either it was you who did it (you are your own malicious attacker) or someone inside your company/house. Or the BIOS on your board was changed by someone at the foundry or even the postman. But that can be done on any mobo, right?

See this, no need for a UEFI attack:
Modern Intel CPUs Plagued By Plundervolt Attack
«Researchers have discovered a new attack impacting modern Intel CPUs, which could allow an attacker to extract highly-sensitive information – such as encryption keys – from affected processors by altering their voltage

Also another one from AMD:
Academics disclose new Collide+Probe and Load+Reload attacks on AMD CPUs.
«These attacks can be exploited in real-world scenarios, and with rather ease, without needing physical access, special equipment, or to break apart computer cases to connect to hidden ports -- like many past CPU attacks have required.
When inquired on Twitter if these attacks are as bad as any of the above, one of the researchers said they are not, at least not on the scale of how Meltdown and Zombieload impacted Intel CPUs, which could leak data from inside a CPU's memory much faster and in larger chunks
 

podspi

Golden Member
Jan 11, 2011
I have to confess, my UEFI BIOS is password protected. Anything and everything I own that can have a password does, even if it isn't used (ex: Smart TVs, Consoles). I guess I'm just paranoid?
 

tcsenter

Lifer
Sep 7, 2001
Don't BIOS passwords get reset when you remove the battery, or use the reset jumper?
Not for many years now, except perhaps for some rare exceptions. The passwords are stored twice, in both the BIOS/UEFI and backed up in a secured area of NVRAM within the chipset (with embedded storage controller), the ATA-security-enabled HDD controller/ASIC, or the storage controller (if an add-in card), e.g. the ATA Security Feature for locking a HDD to a particular storage controller.
 