AMD processors built within the past ten years are reported to contain a debugging feature, that may pose a possible security risk.
The hidden mechanism was apparently discovered by a hacker called Czernobyl (AKA Czerno) who posted his findings here.
Czernobyl calls himself a ‘reverse engineer’.
“AMD processors (Athlon XP and better) have included firmware-based debugging features that expand greatly over standard, architecturally defined capabilities of x86,” the hacker wrote. “For some reason, though, AMD has been tightly secretive about these features; hint of their existence was gained by glancing at CBID’s page.”
Czernobyl reportedly used a brute force attack to discover the password.
There are concerns that the debugging feature could reveal exactly how AMD’s chips work, allowing them to be reverse engineered. It also means that there could be a possible security risk, as Czernobyl published a full set of instructions for turning the debugging feature on.
It is not clear at this stage whether the debugger was used by AMD engineers during the processors’ development phase, and then disabled as the chips were shipped.
But Czernobyl dismissed concerns that his revelations could pose a security risk.
“Amidst a ton of comments, I’ve seen some somber interrogations about security,” he wrote. “IMO (in my opinion) what is described herein does not pose new security problems per se; after all MSRs and Control Registers aren’t accessible except from ring zero. Nor are the Host’s CRs and MSRs accessible from a properly designed Virtual machine. I doubt the newly disclosed features will open security risks that were not already present due to poor OS and/or virtualisation systems designs.”
AMD did not respond to eWEEK Europe’s request for information at the time of writing.
The chip vendor recently put aside its rivalry with Intel and joined the chip giant and Nokia, when it signed up to the Linux Foundation’s MeeGo open source project – the operating system Nokia and Intel are looking to use to compete against the Apple iPhone and Android-running handsets.
AMD and Intel had previously been locked in a number of lawsuits, but reached an agreement in November last year to settle the antitrust claims AMD had levelled against Intel.
Article Update:
AMD responsed to eWEEK Europe UK with an email statement…
“This type of undocumented (not secret) registers are common practice and are shared with our customers. In many of our newer products, in fact, they are unlocked and available,” AMD said. “There is no security concern posed by accessing these registers, and they do not enable hacking or reverse engineering of AMD processors.”
“The registers in question are internal registers used by AMD during the development and testing stages of our processors,” it added. ” They are intended for use by AMD engineers only to help deliver higher quality products to the market more quickly. The exact functionality and application of password protections may vary between models, so AMD has chosen to not make access to these registers a supported feature.”
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…