News New AMD Side Channel Attacks Discovered, Impacts Zen Architecture

Toggle sidebar Toggle sidebar
USAFRet said:
For those of you who thought Intel was the only line vulnerable...
Click to expand...
These people were hyped to see that. It really really disappointing that the discovery was more than 90 days ago and yet no attempt to resolve 2 very major security flaw on AMD CPU.
 
Last edited by a moderator:
There are ZERO real world exploits for any of the vulnerabilities - they are lab tests and are not exploitable in the wild... it's not like it's a piece of malware. This goes for Intel and AMD. If you allow someone unfettered physical access to your server in the real world - you need to look for another job.

More and more of these vulnerabilities will be coming for AMD - until now they were a novel niche CPU with no real installed base - if you aren't looking, you aren't finding. I would be more worried about the rowhammer type attacks - those can be exploited rather easily.
 
  • Like
Reactions: riesengebirge
InvalidError said:
As I wrote back when the first bugs in Intel's chips were discovered: only a matter of time until AMD-specific bugs are found, AMD just wasn't getting as much attention previously as the minority player.
Click to expand...
Deicidium369 said:
There are ZERO real world exploits for any of the vulnerabilities - they are lab tests and are not exploitable in the wild... it's not like it's a piece of malware. This goes for Intel and AMD. If you allow someone unfettered physical access to your server in the real world - you need to look for another job.

More and more of these vulnerabilities will be coming for AMD - until now they were a novel niche CPU with no real installed base - if you aren't looking, you aren't finding. I would be more worried about the rowhammer type attacks - those can be exploited rather easily.
Click to expand...
Its alarming and i betting these amd individuals would say "this discovery was paid by Intel" on community forums in order to cover their major disappointment of being wrong.
 
Last edited by a moderator:
USAFRet said:
For those of you who thought Intel was the only line vulnerable...
Click to expand...
this is a specter style attack, which means it requires physical access to the computer, adjustments to the bios and administrative passwords to work.

In short it's a nothing burger. that's not to say AMD isn't vulnerable to security risks, but this one is a whole lot of nothing. because if someone has that much access to the computer, they don't need a virus.
 
  • Like
Reactions: _Treadstone, riesengebirge, alextheblue and 1 other person
ingtar33 said:
this is a specter style attack, which means it requires physical access to the computer, adjustments to the bios and administrative passwords to work.

In short it's a nothing burger. that's not to say AMD isn't vulnerable to security risks, but this one is a whole lot of nothing. because if someone has that much access to the computer, they don't need a virus.
Click to expand...
And how many comments have we seen in the last couple of years with:
"I'll never buy Intel again because of these vulnerabilities!" Spectre, Metldown, etc.

Given enough access and poking around, all code has a hole.
 
No one ever said that AMD's CPU's are 'untouchable' by potential security exploits... however, AMD remains LEAST AFFECTED (at least compared to Intel), and are usually quick to respond with security patches.

The sheer amount of security vulnerabilities that affect Intel are usually more important for servers and data centres (where big money is).
On an individual user level, a person is not very likely to encounter issues related to these exploits... however, out of the two, Zen uArch is (and I am repeating myself here) 'least affected'.
 
  • Like
Reactions: riesengebirge, alextheblue and Makaveli
USAFRet said:
Given enough access and poking around, all code has a hole.
Click to expand...
It is possible to write secure code, albeit on the smaller end of things. A lot of the insecurity in modern software comes from pervasive use of off-the-shelf blobs, rarely vetting those blobs and how they are used. Kind of hard to fully vet code in modern environments where "hello world" involves 50 million lines of external code most people have zero visibility into.
 
  • Like
Reactions: ubercake, alextheblue and Paul Alcorn
It was just a matter of time, considering Ryzen has become popular enough to warrant serious vulnerability research and in this case, it was the research project of a graduate/postgraduate hoping for a PhD.

They were also responsible enough to at least give AMD advance notice in August 2019 (for any title-only readers), so it'll be interesting to see if AMD already addressed this quietly via past BIOS updates (IE: Doing their job without needing to be prodded like Intel) and improved hardware security for Zen 3 and 4 (and even maybe newer production stock, like the AF 1200/1600 and newer batches of 2000 and 3000 series).

That said, it's nice that Intel is indirectly providing bug bounties on AMD's behalf. Sure, AMD takes a minor hit from sensationalist titles once a vulnerability is found, but they also don't have to pay for bug bounties themselves. And like this research paper, digging into Ryzen for that PhD is fresh territory, as opposed to trying a paper on a new Intel vulnerability.

Considering AMD has 2 active teams that compete with each other on Ryzen development, the sooner any vulnerabilities are discovered, the faster AMD can respond and amend in-progress development.
 
  • Like
Reactions: Makaveli
AMD or intel does not matter much both are US companies. and USA wants to "spy" on the WORLD.

I find it funny that most of the bugs are found by Europe. and I find it funny that they dont hire european scientist to monitor the designs of the CPU ...

I have a relative professor in Germany , in Computer engineering , and he told me , "these bugs can be avoided easily from early stages of design , but they put it there and turn a blind eye on them , and all what you read in the news is to fool the people, as a Scientist I am telling you it is avoidable from the beginning."
 
  • Like
Reactions: riesengebirge
deksman said:
No one ever said that AMD's CPU's are 'untouchable' by potential security exploits... however, AMD remains LEAST AFFECTED (at least compared to Intel), and are usually quick to respond with security patches.

The sheer amount of security vulnerabilities that affect Intel are usually more important for servers and data centres (where big money is).
On an individual user level, a person is not very likely to encounter issues related to these exploits... however, out of the two, Zen uArch is (and I am repeating myself here) 'least affected'.
Click to expand...
AMD is less affected by Intel bugs because they are two different solutions to the same problem. It also means that AMD has different vulnerabilities compared to Intel and given the focus on Intel products now, it is no wonder they find more Intel vulnerabilities.
Give time to AMD to become more popular and you'll see how full of holes they are also.
 
nofanneeded said:
AMD or intel does not matter much both are US companies. and USA wants to "spy" on the WORLD.
Click to expand...
In the consumer CPU space, there is zero need for any govt to "spy" on people at the CPU level.

People willingly give up ALL their deepest secrets and post them online. Sometimes even willingly pay for the privilege of doing so.

Google/MS/Amazon/FB/Apple knows more about you than you do.
 
  • Like
Reactions: King_V, alextheblue and Phaaze88
What about the Ryzen Threadripper CPUs, those are also ZEN based, but they handle memory completely different than the AM4 Ryzens?
 
InvalidError said:
If you wanted to be able to spy on people, you wouldn't use bugs that have no practical exploit method to do it.
Click to expand...
USAFRet said:
In the consumer CPU space, there is zero need for any govt to "spy" on people at the CPU level.

People willingly give up ALL their deepest secrets and post them online. Sometimes even willingly pay for the privilege of doing so.

Google/MS/Amazon/FB/Apple knows more about you than you do.
Click to expand...
I mean look at these AMD individuals response....it seem likes they saying "at least better than Intel security flaws"..."Intel is worst"....."Intel paid security researchers to find AMD security flaws"....."amd is less affected because it popular". I swear you see these on forums and hardware articles soon.

What matter is? AMD had 90 days+ to fix and nothing. After Ryzen releases, AMD officials say they the up most best security out there (this right after multiple intel security issue discoveries). These are 2 security issue on AMD products that are major because it much simpler to hack more than all Intel Security issue.
 
Just to make it clear, this vulnerability was demonstrated to expose META-DATA and allow for 'covert' communication between two processes (that would need to work together). The real world utilization or impact of these discoveries is trivial, and is not even remotely on par with the Intel vulnerabilities that were discovered in Meltdown and Zombieload. In the discovered Intel vulnerabilities, the Intel processor flaws were leaking actual system memory/data.

Don't take my word for it though, here is a twitter response from one of the research paper's authors:

https://twitter.com/x/status/1236218121704239104

View: https://mobile.twitter.com/gnyueh/status/1236178639483527168


li baao - "Thanks a lot for your work! I find it hard to read a paper which is irrelevant to my profession. Is this vulnerability as severe as Meltdown or Zombieload? "

Daniel Gruss- "Certainly not. The attacks leak a few bit of meta-data. Meltdown and Zombieload leak tons of actual data. "



All the best...
 
Last edited:
  • Like
Reactions: riesengebirge, shady28, Jim90 and 1 other person
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom