“It’s going to be nearly undetectable and nearly unpatchable.” Only opening a computer’s case, physically connecting directly to a certain portion of its memory chips with a hardware-based programming tool known as an SPI Flash programmer and meticulously scouring the memory would allow the malware to be removed, Okupski says.
Let’s hope a microcode or BIOS update can prevent it from happening in the first place.
Original source:
https://info.defcon.org/event/?id=54863
Relevant links:
https://ioactive.com/event/def-con-talk-amd-sinkclose-universal-ring-2-privilege-escalation/
https://www.youtube.com/watch?v=xSp38lFQeRE
https://www.youtube.com/watch?v=lR0nh-TdpVg&t=2s
https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/
(I found the Bleeping Computer article more informative and concise than the Wired one.)