PressSplit
Two cybersecurity researchers discovered a huge security flaw in a PC component. The vulnerability dates back to 2006.
Kassel – Computers, laptops, etc. have become an important part of everyday life. But the technology is not free of errors, as a cybersecurity organization has now discovered. Millions of people are affected by a huge security gap.
Laptops and computers: Millions of PC users are affected by a security vulnerability. © William Perugini/imago
Massive security flaw in AMD processors: “You have to throw away the computer”
Enrique Nissim and Krzysztof Okupski, researchers from IOActive, uncovered significant security problems in processors at the annual hacker trade fair Defcon in Las Vegas. The processor chips affected are from AMD. The US company is one of the world market leaders in the semiconductor industry.
What is a processor?
A processor (Central Processing Unit, CPU) is a hardware component that functions as the central unit of the computer system. The chip ensures that all software in the system runs correctly. The computer cannot run without a CPU. They are also installed in laptops, smartphones and other devices.
As the industry magazine Wired reported that all AMD chips have been affected by the vulnerability called “Sinkclose” since at least 2006. The security gap allows hackers to nest particularly deeply in computers. The installed malware would bypass antivirus programs and give third parties full access to the computer. Getting rid of it is almost impossible. The software could even survive a reinstallation of the operating system.
“You basically have to throw the computer away,” Nissim admitted. An infection can only be detected and removed using appropriate tools such as SPI Flash Programmer. The tool then establishes a connection to a specific part of the chip, which allows the malware to be removed. This is unthinkable for people who are not familiar with PCs.
Millions of PCs affected by security vulnerability: Manufacturer announces updates
Manufacturer AMD took note of the results of the two researchers and published on its Website a list of products in which the security vulnerability is to be fixed. When and how exactly this will happen is still unclear. In addition, older product series such as Ryzen 1000, Ryzen 2000 and Ryzen 3000 will not receive any security updates. For everyone else, it is a case of waiting. According to Heise However, appropriate patches should be passed on to the device manufacturers.
AMD admitted that it is not easy for hackers to gain access to computers via the “skinclose” security hole. It is about as difficult as robbing bank safe deposit boxes. However, the two researchers emphasized to Wiredthat professional hackers in particular “probably” have techniques to exploit this vulnerability.
Just recently, thousands of televisions were affected by a massive security flaw. The product security of Asus WLAN routers was also recently at risk. (which)
