Unlike Intel, AMD has been exposed to new vulnerabilities that can be exploited by two different types of attacks, which have been found to reverse engineering and affect the unencrypted location in the L1 data warehouse.
This is important, since since 2011 the cache has had some improvements, but the operating system hasn't changed much, allowing the risk of accessing sensitive data to all processors from 2011 to today, desktop and server without exception.
Take the Way: The CPU is exposed to a local attack or from the cloud
Although the risk may seem trivial as some of them are at Intel, it's true that it has the ability to attack even from the cloud, making it easy to steal sensitive information from anywhere in the world.
According to investigators, this attack could happen on Firefox or Chrome without any problem:
We are postponing the developer of L1D cache expert AMD in the construction of small structures from 2011 to 2019, resulting in two new internal attack structures Take the road.
The first is that Collide + Probe, which allows access to memory in the current core of memory without the knowledge of actual addresses or shared memory. The second takes the name Upload + Reload it detects specific traces of access to application memory located in the same physical environment, where both are based on Specter attacks.
We explore our new attack methods in various locations. We have developed a high-speed secret channel and used it in Specter attacks to filter out sensitive private data. In addition, we have limited access to various implementation strategies ASLR from traditional code with JavaScript. Finally, we get the key to the flawless AES implementation.
The people who received this impact are part of the University of Graz Technology, where several students have been experiencing some of the weakest conditions on Intel CPUs, which the company has raised funds for and donated to research funds.
There is currently no patch or reduction possible, but both AMD and Microsoft are working on it.
AMD responds, but does not talk about being vulnerable
Less than 24 hours ago AMD arrived first to try to bring some light on the whole issue and its statements are quite impressive.
They claim that they know of a technical document that guarantees that the hacker can use the function associated with an unintended user data transfer cache.
Researchers are comparing this method of data with a variety of software, which is reduced, or at risk of doing something subtle. AMD believes this is not a new attack based on speculation.
Therefore, the company recommends the following to help reduce problems in secondary channels:
- Keep your app updated works with the latest versions of the software and platform firmware updates, including possible reductions in risk-based thinking.
- Follow the steps of encoding it's safe.
- Use of Recent versions taken from important libraries, including those involved in third-party attacks.
- Use safe computer systems too Launch antivirus software.
As we can see, the answer has been confusing as it is very vague: they do not deny and they do not guarantee and they do not provide a real solution to the problem, they are just general steps where it seems that the problem may or may not be recognized.
Why doesn't AMD really recognize the problem? Doesn't have a software solution? Investigators are proposing solutions for hardware and software, where this could result in loss of performance equal to or similar to that experienced by Intel.
In the meantime, all we can do is wait for the solutions offered by the company.
