In a statement to WIRED, AMD highlighted the difficulty of exploiting Sinkclose: to exploit the vulnerability, a hacker must first have access to a computer’s kernel, the core of its operating system. AMD compares the Sinkclose technique to a method of accessing a bank’s safe deposit box after already bypassing its alarms, guards, and vault door.
Nissim and Okupski counter that while exploiting Sinkclose requires kernel-level access to a machine, such vulnerabilities are exposed in Windows and Linux on a near-monthly basis. They argue that sophisticated state-sponsored hackers of the sort who could exploit Sinkclose likely already possess techniques to exploit such vulnerabilities, known or unknown. “People have kernel exploits for all of these systems right now,” Nissim says. “They exist and are available to attackers. This is the next step.”
Nissim and Okupski’s Sinkclose technique works by exploiting a little-known feature of AMD chips known as TClose. (In fact, the name Sinkclose comes from combining that term, TClose, with Sinkhole, the name of an earlier System Management Mode exploit found on Intel chips in 2015.) On AMD-based machines, a protection known as TSeg prevents the computer’s operating system from writing to a protected region of memory that is supposed to be reserved for System Management Mode, known as System Management Random Access Memory, or SMRAM. However, AMD’s TClose feature is designed to keep computers compatible with older devices that use the same memory addresses as SMRAM: when it is enabled, it remaps those SMRAM addresses to other memory. Nissim and Okupski discovered that, with only operating-system privilege, they could use that TClose remapping to trick the SMM code into fetching data they had altered, in a way that let them redirect the processor and have it execute their own code at the same highly privileged SMM level.
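To make the aliasing described above concrete, here is a deliberately simplified model, added for this page and not code from the researchers or from AMD. It is not AMD’s hardware or firmware: it pretends there is a single protected SMRAM window, a separate block of ordinary memory standing in for the legacy memory that TClose maps over that window, and an SMM handler that reads a dispatch pointer from what it believes is SMRAM. The address constants, the `tclose` flag being settable from OS privilege, the dispatch-pointer layout, and the optional guard in the handler are all assumptions of the model; the guard in particular is an illustration of the kind of check such code needs, not a description of AMD’s actual fix.

```c
/* Hypothetical model of SMRAM aliasing via a TClose-style remap.
 * Not AMD's hardware or firmware; layout, names and the guard are invented
 * for illustration.  Build: cc -std=c11 -Wall tclose_model.c */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SMRAM_BASE   0x1000u   /* assumed start of the protected SMRAM window */
#define SMRAM_SIZE   0x0100u   /* assumed window size */
#define DISPATCH_OFF 0x40u     /* assumed offset of the handler's dispatch pointer */

typedef void (*smm_fn)(void);
static int last_executed;      /* 0 = legitimate handler ran, 1 = payload ran */
static void legit_handler(void)    { last_executed = 0; }
static void attacker_payload(void) { last_executed = 1; }

struct machine {
    uint8_t smram[SMRAM_SIZE]; /* real SMRAM: TSeg keeps the OS out of it */
    uint8_t alias[SMRAM_SIZE]; /* ordinary memory TClose maps over the window */
    bool    tclose;            /* remap enable; OS-settable in this model */
};

/* TSeg as seen from the OS: any write into the SMRAM window is denied. */
static bool tseg_allows_os_write(uint32_t addr)
{
    return !(addr >= SMRAM_BASE && addr < SMRAM_BASE + SMRAM_SIZE);
}

/* Where an SMM data access to the window actually lands.  With TClose
 * clear it reaches SMRAM; with TClose set it reaches the alias memory. */
static uint8_t *smm_resolve(struct machine *m, uint32_t addr)
{
    if (addr < SMRAM_BASE || addr >= SMRAM_BASE + SMRAM_SIZE)
        return NULL;                       /* outside the window: not modelled */
    uint32_t off = addr - SMRAM_BASE;
    return m->tclose ? &m->alias[off] : &m->smram[off];
}

/* Firmware boot: store the legitimate dispatch pointer in real SMRAM. */
static void firmware_init(struct machine *m)
{
    memset(m, 0, sizeof *m);
    smm_fn fn = legit_handler;
    memcpy(&m->smram[DISPATCH_OFF], &fn, sizeof fn);
}

/* OS-level attacker: cannot write SMRAM (TSeg), but can write the ordinary
 * memory that will be aliased over the window, then enable the remap. */
static void os_stage_attack(struct machine *m)
{
    smm_fn fn = attacker_payload;
    memcpy(&m->alias[DISPATCH_OFF], &fn, sizeof fn);
    m->tclose = true;
}

/* SMI arrives.  The handler reads its dispatch pointer "from SMRAM" and
 * jumps to it.  Returns 0 (legitimate), 1 (payload ran) or -1 (refused).
 * The check_tclose guard is an illustrative mitigation, not AMD's fix. */
static int smi_handler(struct machine *m, bool check_tclose)
{
    if (check_tclose && m->tclose)
        return -1;                         /* window may not be SMRAM: refuse */
    uint8_t *p = smm_resolve(m, SMRAM_BASE + DISPATCH_OFF);
    smm_fn fn;
    memcpy(&fn, p, sizeof fn);
    last_executed = -1;
    fn();
    return last_executed;
}

/* Full scenario: boot, optionally stage the attack, then take an SMI. */
static int run_scenario(bool attacker_sets_tclose, bool handler_checks)
{
    struct machine m;
    firmware_init(&m);
    if (attacker_sets_tclose)
        os_stage_attack(&m);
    return smi_handler(&m, handler_checks);
}

int main(void)
{
    printf("TSeg denies OS write to SMRAM: %s\n",
           tseg_allows_os_write(SMRAM_BASE + DISPATCH_OFF) ? "no" : "yes");
    printf("baseline SMI:           %d\n", run_scenario(false, false));
    printf("TClose set, no guard:   %d\n", run_scenario(true, false));
    printf("TClose set, with guard: %d\n", run_scenario(true, true));
    return 0;
}
```

The point the model makes is the one in the paragraph: the attacker never writes SMRAM, and TSeg keeps denying that write throughout. What changes is where the SMM handler’s own read of its window lands, so a pointer the handler trusts because it “lives in SMRAM” arrives from memory the operating system controls.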
“I think it’s the most complex bug I’ve ever exploited,” Okupski says.
Nissim and Okupski, both specialists in the security of low-level code such as processor firmware, say they decided to investigate AMD’s architecture two years ago simply because they felt it had received too little scrutiny compared with Intel, even as its market share grew. They found the critical edge case in TClose that enabled Sinkclose, they say, simply by reading and rereading AMD’s documentation. “I think I read the page where the vulnerability was about a thousand times,” Nissim says. “And then, at the thousandth, it hit me.” They alerted AMD to the flaw in October of last year, they say, but waited nearly 10 months before going public to give AMD time to prepare a fix.
For users looking to protect themselves, Nissim and Okupski say that on Windows machines (likely the vast majority of affected systems) they expect the Sinkclose patches to arrive through updates that computer manufacturers share with Microsoft, which will then incorporate them into future OS updates. Patches for servers, embedded systems, and Linux machines may be more piecemeal and manual; for Linux machines, availability will depend in part on which distribution the computer runs.
Nissim and Okupski say they agreed with AMD not to release any proof-of-concept code for their Sinkclose exploit for several months, to allow more time for the issue to be fixed. But they argue that attempts by AMD or others to downplay Sinkclose as too difficult to exploit should not stop users from applying the patch as soon as possible. Sophisticated hackers may already have worked out their technique, or may do so after Nissim and Okupski present their findings at Defcon.
While Sinkclose requires relatively deep access, IOActive researchers warn, the much deeper level of control it offers means potential targets shouldn’t wait to deploy any available fix. “If the foundation is broken,” Nissim says, “then the security of the entire system is broken.”