Unable to fix, attack cost 200USD, AMD Zen 2 peg 3 processor vulnerability exposed 02/27 Update SLTechnology News&Howtos

Unable to fix, attack cost 200USD, AMD Zen 2 peg 3 processor vulnerability exposed

2025-02-27 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > IT Information >

Shulou(Shulou.com)11/24 Report--

CTOnews.com May 3 news, network security experts at the Technical University of Berlin recently released a report saying that there is a vulnerability in the trusted platform module (TPM) on the AMD platform, which can fully access encrypted data through a malicious TPM power short circuit attack.

This means that hackers, including BitLocker, a password management tool that relies exclusively on TPM, can completely break any application or encryption.

The researchers reported that the vulnerability existed in the platform Security processor (Platform Security Processor, or PSP) in Zen 2 and Zen 3 processors, but did not mention whether Zen 4 also had the same vulnerability.

The researchers posted a list of the code and devices needed for the attack on GitHub at a cost of about $200 (CTOnews.com Note: currently about 1384 yuan), and the whole cracking process took "several hours".

The experts used Lenovo's test laptop, where they physically connected the used devices to power, BIOS SPI chips and SVI2 bus (power management interface). This attack targets the PSP security coprocessor present in Zen 2 and Zen 3 processors to obtain data that allows decryption of objects stored in TPM. The key was extracted successfully.

By default, BitLocker only uses the TPM mechanism to store keys, but users can assign a PIN that works with a TPM-based mechanism. This provides multiple layers of protection, but these PIN are not enabled by default and are vulnerable to brute force attacks.

Intel processors are not affected, and the statement sent by AMD to Tom's Hardware is as follows:

AMD learned from this trusted platform module research report that it seems to exploit the vulnerabilities previously discussed on ACM CCS 2021.

This requires physical attacks, usually outside the scope of processor architecture security mitigation measures.

We will continue to innovate new hardware-based protection measures in future products to limit the effectiveness of these technologies.

We are working hard to understand potential new threats and will provide our customers and end users with up-to-date updates and updates.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.