This means that hackers can completely compromise any application or encryption, including BitLocker, a password management tool that relies exclusively on the TPM.

The researchers report that the vulnerability exists on the Platform Security Processor (PSP) in Zen 2 and Zen 3 processors, but the report does not mention whether Zen 4 also has the vulnerability.

The researchers published a list of codes and equipment required for the attack on GitHub, which cost about $200 (currently about RMB 1384), and the entire cracking process takes “several hours.”

The experts used a test laptop from Lenovo, and they physically connected the user device to the power supply, the BIOS SPI chip, and the SVI2 bus (power management interface). The attack targets the PSP security coprocessor present in Zen 2 and Zen 3 processors to obtain data that would allow the decryption of objects stored in the TPM. Successfully extracted “key”.

By default, BitLocker uses only TPM mechanisms to store keys, but users can assign a PIN that works with TPM-based mechanisms. This provides multiple layers of protection, but these PINs are not enabled by default and are vulnerable to brute-force attacks.

Intel processors are not affected, and AMD sent Tom’s Hardware the following statement:

• AMD has learned from this Trusted Platform Module research report that it appears to exploit a related vulnerability previously discussed at ACM CCS 2021.
• This requires an attack by physical means, usually outside the scope of processor architecture security mitigations.
• We are continually innovating new hardware-based protections in future products to limit the efficacy of these technologies.
• We are working hard to understand potential new threats and will provide updates and updates to our customers and end users in a timely manner.

The post AMD Zen 2/3 Processor Vulnerabilities Exposed, Attack Costs $200 appeared first on TechGoing.