Latest in Gear

Image credit:

AMD CPUs for the past 9 years are vulnerable to data leak attacks

AMD reportedly heard about the Take A Way flaws several months ago.
29 Shares
Share
Tweet
Share

Sponsored Links

Joseph Branston/Maximum PC Magazine/Future via Getty Images

It's not just Intel chips that are vulnerable to hard-to-fix security flaws. Researchers at the Graz University of Technology have detailed a pair of side channel attacks under the "Take A Way" name that can leak data from AMD processors dating back to 2011, whether it's an old Athlon 64 X2, a Ryzen 7 or a Threadripper. Both exploit the "way predictor" for the Level 1 cache (meant to boost the efficiency of cache access) to leak memory content. The Collide+Probe attack lets an intruder monitor memory access without having to know physical addresses or shared memory, while Load+Reload is a more secretive method that uses shared memory without invalidating the cache line.

Unlike some side channel attacks, it hasn't taken long to show how these exploits would work in the real world. The team took advantage of the flaws using JavaScript in common browsers like Chrome and Firefox, not to mention virtual machines in the cloud. While Take A Way only dribbles out a small amount of information compared to Meltdown or Spectre, that was enough for the investigators to access AES encryption keys.

It's possible to address the flaw through a mix of hardware and software, the researchers said, although it's not certain how much this would affect performance. Software and firmware fixes for Meltdown and Spectre have typically involved speed penalties, although the exact hit depends on the task.

We've asked AMD for comment. However, the authors suggest that AMD has been slow to respond. They said they submitted the flaws to AMD in late August 2019, but haven't heard back despite keeping quiet about the flaw for the past several months.

The findings haven't been without controversy, although it doesn't appear to be as questionable as some thought at first. While Hardware Unboxed found disclosures that Intel funded the research, raising concerns about the objectivity of the study, the authors have also received backing from Intel (and other sources) for finding flaws in the company's own chips as well as other products. It appears to just be a general effort to spur security research, then. As it stands, the funding source doesn't change the practical reality -- AMD may have to tweak its CPU designs to safeguard against Take A Way attacks going forward.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
29 Shares
Share
Tweet
Share

Popular on Engadget

BMW will discontinue its iconic i8 hybrid sports car in April

BMW will discontinue its iconic i8 hybrid sports car in April

View
Tesla starts delivering the Model Y

Tesla starts delivering the Model Y

View
'Star Trek: Voyager' gets an unofficial 4K remaster thanks to AI

'Star Trek: Voyager' gets an unofficial 4K remaster thanks to AI

View
NASA warns Moon base plans might slip by a year

NASA warns Moon base plans might slip by a year

View
SpaceX launches its original Dragon capsule for the last time

SpaceX launches its original Dragon capsule for the last time

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr