Carbon Chemist

Tag: amd

  • ‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

    ‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

    [ad_1]

    In a background statement to WIRED, AMD emphasized the difficulty of exploiting Sinkclose: To take advantage of the vulnerability, a hacker has to already possess access to a computer’s kernel, the core of its operating system. AMD compares the Sinkhole technique to a method for accessing a bank’s safe-deposit boxes after already bypassing its alarms, the guards, and vault door.

    Nissim and Okupski respond that while exploiting Sinkclose requires kernel-level access to a machine, such vulnerabilities are exposed in Windows and Linux practically every month. They argue that sophisticated state-sponsored hackers of the kind who might take advantage of Sinkclose likely already possess techniques for exploiting those vulnerabilities, known or unknown. “People have kernel exploits right now for all these systems,” says Nissim. “They exist and they’re available for attackers. This is the next step.”

    Image may contain Computer Electronics Laptop Pc Desk Furniture Table Adult Person Computer Hardware and Hardware

    IOActive researchers Krzysztof Okupski (left) and Enrique Nissim.Photograph: Roger Kisby

    Nissim and Okupski’s Sinkclose technique works by exploiting an obscure feature of AMD chips known as TClose. (The Sinkclose name, in fact, comes from combining that TClose term with Sinkhole, the name of an earlier System Management Mode exploit found in Intel chips in 2015.) In AMD-based machines, a safeguard known as TSeg prevents the computer’s operating systems from writing to a protected part of memory meant to be reserved for System Management Mode known as System Management Random Access Memory or SMRAM. AMD’s TClose feature, however, is designed to allow computers to remain compatible with older devices that use the same memory addresses as SMRAM, remapping other memory to those SMRAM addresses when it’s enabled. Nissim and Okupski found that, with only the operating system’s level of privileges, they could use that TClose remapping feature to trick the SMM code into fetching data they’ve tampered with, in a way that allows them to redirect the processor and cause it to execute their own code at the same highly privileged SMM level.

    “I think it’s the most complex bug I’ve ever exploited,” says Okupski.

    Nissim and Okupski, both of whom specialize in the security of low-level code like processor firmware, say they first decided to investigate AMD’s architecture two years ago, simply because they felt it hadn’t gotten enough scrutiny compared to Intel, even as its market share rose. They found the critical TClose edge case that enabled Sinkclose, they say, just by reading and rereading AMD’s documentation. “I think I read the page where the vulnerability was about a thousand times,” says Nissim. “And then on one thousand and one, I noticed it.” They alerted AMD to the flaw in October of last year, they say, but have waited nearly 10 months to give AMD more time to prepare a fix.

    For users seeking to protect themselves, Nissim and Okupski say that for Windows machines—likely the vast majority of affected systems—they expect patches for Sinkclose to be integrated into updates shared by computer makers with Microsoft, who will roll them into future operating system updates. Patches for servers, embedded systems, and Linux machines may be more piecemeal and manual; for Linux machines, it will depend in part on the distribution of Linux a computer has installed.

    Nissim and Okupski say they agreed with AMD not to publish any proof-of-concept code for their Sinkclose exploit for several months to come, in order to provide more time for the problem to be fixed. But they argue that, despite any attempt by AMD or others to downplay Sinkclose as too difficult to exploit, it shouldn’t prevent users from patching as soon as possible. Sophisticated hackers may already have discovered their technique—or may figure out how to after Nissim and Okupski present their findings at Defcon.

    Even if Sinkclose requires relatively deep access, the IOActive researchers warn, the far deeper level of control it offers means that potential targets shouldn’t wait to implement any fix available. “If the foundation is broken,” says Nissim, “then the security for the whole system is broken.”

    [ad_2]

    Source link

  • Why China is betting big on chiplets

    Why China is betting big on chiplets

    [ad_1]

    But this approach to chipmaking poses a bigger challenge for another sector of the semiconductor industry: packaging, which is the process that assembles multiple components of a chip and tests the finished device’s performance. Making sure multiple chiplets can work together requires more sophisticated packaging techniques than those involved in a traditional single-piece chip. The technology used in this process is called advanced packaging. 

    This is an easier lift for China. Today, Chinese companies are already responsible for 38% of the chip packaging worldwide. Companies in Taiwan and Singapore still control the more advanced technologies, but it’s less difficult to catch up on this front.

    “Packaging is less standardized, somewhat less automated. It relies a lot more on skilled technicians,” says Harish Krishnaswamy, a professor at Columbia University who studies telecommunications and chip design. And since labor cost is still significantly cheaper in China than in the West, “I don’t think it’ll take decades [for China to catch up],” he says. 

    Money is flowing into the chiplet industry

    Like anything else in the semiconductor industry, developing chiplets costs money. But pushed by a sense of urgency to develop the domestic chip industry rapidly, the Chinese government and other investors have already started investing in chiplet researchers and startups.

    In July 2023, the National Nature Science Foundation of China, the top state fund for fundamental research, announced its plan to fund 17 to 30 chiplet research projects involving design, manufacturing, packaging, and more. It plans to give out $4 million to $6.5 million of research funding in the next four years, the organization says, and the goal is to increase chip performance by “one to two magnitudes.”

    This fund is more focused on academic research, but some local governments are also ready to invest in industrial opportunities in chiplets. Wuxi, a medium-sized city in eastern China, is positioning itself to be the hub of chiplet production—a “Chiplet Valley.” Last year, Wuxi’s government officials proposed establishing a $14 million fund to bring chiplet companies to the city, and it has already attracted a handful of domestic companies.

    At the same time, a slew of Chinese startups that positioned themselves to work in the chiplet field have received venture backing. 

    Polar Bear Tech, a Chinese startup developing universal and specialized chiplets, received over $14 million in investment in 2023. It released its first chiplet-based AI chip, the “Qiming 930,” in February 2023. Several other startups, like Chiplego, Calculet, and Kiwimoore, have also received millions of dollars to make specialized chiplets for cars or multimodal artificial-intelligence models. 

    [ad_2]

    Source link