AMD CPUs for the past 9 years are vulnerable to data leak attacks

Unlike some side channel attacks, it hasn’t taken long to show how these exploits would work in the real world. The team took advantage of the flaws using JavaScript in common browsers like Chrome and Firefox, not to mention virtual machines in the cloud. While Take A Way only dribbles out a small amount of information compared to Meltdown or Spectre, that was enough for the investigators to access AES encryption keys.

It’s possible to address the flaw through a mix of hardware and software, the researchers said, although it’s not certain how much this would affect performance. Software and firmware fixes for Meltdown and Spectre have typically involved speed penalties, although the exact hit depends on the task.

We’ve asked AMD for comment. However, the authors suggest that AMD has been slow to respond. They said they submitted the flaws to AMD in late August 2019, but haven’t heard back despite keeping quiet about the flaw for the past several months.

The findings haven’t been without controversy, although it doesn’t appear to be as questionable as some thought at first. While Hardware Unboxed found disclosures that Intel funded the research, raising concerns about the objectivity of the study, the authors have also received backing from Intel (and other sources) for finding flaws in the company’s own chips as well as other products. It appears to just be a general effort to spur security research, then. As it stands, the funding source doesn’t change the practical reality — AMD may have to tweak its CPU designs to safeguard against Take A Way attacks going forward.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.