this post was submitted on 17 Aug 2024
546 points (98.6% liked)

Technology

59963 readers
3503 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] lurch@sh.itjust.works 13 points 4 months ago (1 children)

I doubt it, because those bugs require to already have extensive access to the victim PC. Basically, they just expand the trouble on an already compromised system. It's bad for sure, but at that point you're already knee deep in shit and this just adds a few buckets on top.

[–] Blue_Morpho@lemmy.world 6 points 4 months ago (1 children)

The AMD bug requires the same access that any of serious previous exploits have given. You don't need physical access. Any exploit that gives root means the payload can be the AMD firmware exploit which will make it permanently undetectable by anti virus and wiping the os won't remove it.

For example the ssh exploit from years ago allowed root without even an account on the machine. Those affected detected they had been owned, wiped their machines and restored from backup. If something like that happens again, (https://thehackernews.com/2024/07/new-openssh-vulnerability-could-lead-to.html?m=1) you won't be able to know you are owned.

[–] MonkderVierte@lemmy.ml 5 points 4 months ago (1 children)

Any exploit that gives root

Same in green. If the attacker has physical access or root, you have lost already.

[–] Blue_Morpho@lemmy.world 2 points 4 months ago* (last edited 4 months ago) (1 children)

This AMD firmware exploit is different. Yes if an exploit gets your computer you have lost. But it happens to thousands every day. A virus scan will detect it and an OS wipe will clean it.

This AMD exploit means the exploit lives inside the CPU firmware. It can't ever be detected or removed by normal means because the CPU itself is compromised. (Unless you have the hardware to pull physical signals off your dram chips.)

In the past even normal OS patches would clear out any virus's lingering in the PC population. Now you could be compromised and never know or be able to do anything about it.

[–] lurch@sh.itjust.works 6 points 4 months ago (1 children)

A virus scan will detect it and an OS wipe will clean it.

This only works before the malware has been executed and only if the malware scanner knows it. Often Antivirus can block access to the malware, so it can't be executed.

If it has been executed, the PC needs to be shut down and all writable mediums connected wiped (including boot sectors and EFI), maybe even the BIOS reset, if it can be updated, to be 100% clean. If you can't do this, you have to toss the PC in the trash.

If the PC is not shut down, the malware could still survive in RAM and re-install its files or download something else, eg. a remote shell or rootkit.

These processor security flaws just extend this to the CPU firmware, meaning you need to reset this too, after malware has been executed on the PC. If you just downloaded it and the antivirus blocked and deleted it, you're still safe.

If it got executed and you or a technician can't remove it from the CPU, you have to toss the PC in the trash, just like you already had to if you can't reset a malware that flashed itself into an updatable BIOS, for example.

[–] Blue_Morpho@lemmy.world 0 points 4 months ago (1 children)

Offline virus scanners are standard. That's always how you detect if you have been infected. Bios viruses are detected and removed by standard anti-virus software.

[–] lurch@sh.itjust.works 2 points 4 months ago (1 children)

BIOS and UEFI bootkits require special vendor tools and vendor signed firmware binaries to overwrite the SPI memory. Standard anti-virus software can not remove them, once they have been installed.

[–] Blue_Morpho@lemmy.world 1 points 4 months ago

You are right, you patch your bios with a vendor program. However regular virus scanners will detect it and motherboard manufacturers provide bios flashing tools. But AMD has said they will not provide firmware tools for their old CPUs.