Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Struggling to get an AMD GPU? This website bug was partly to blame

Image Description

An exploit found on AMD’s online store has allowed users to bypass the site’s security measures and potentially buy up a lion’s share of graphics cards, a boon for GPU scalpers who would have otherwise been thwarted by the online store’s security.

Reported by PCMag, Reddit user ‘originofspices’ explained how they discovered the loophole in a post on the AMD subreddit. They wrote: “At the end of three weeks of testing and coding, I had found a direct add to cart method that not only bypassed any anti-bot measures, but also exposed stock levels for the desired product.

“It was possible to run a script that used this vector from 10:20 AM to 11 AM on Thursdays without any pushback from any anti-bot measures. The moment the item was in stock, it could be added to [the] cart.”

The Reddit user explained to PCMag that they were sure scalpers had discovered the exploit long before they did, and were using it to buy up PC parts likely for the purpose of reselling at a substantial markup. 

GPU blues

Amidst the rampant PC part shortages that show no sign of coming to an end, occurrences like this show that manufacturers could be doing a lot more to prevent scalpers from buying up all available stock. The fact that AMD’s backdoor was so exploitable, while clearly unintentional, is a sign that security efforts are falling short.

Resellers aren’t the only ones making it hard to purchase powerful new GPUs, though. Amid the current cryptocurrency boom, many consumers are buying GPUs for the purpose of cryptomining. In response, some manufacturers like Gigabyte and Asus have attempted to make their own dedicated cryptomining cards. 

However, these can be even more expensive than regular GPUs, as is the case with the Asus CMP 30HX, which still makes popular GPUs like the GeForce RTX 3080 the preferred option.

Thankfully, AMD took notice of the Reddit user’s efforts to shine a light on the exploit, and it has since been fixed. Hopefully AMD’s online store will now function as intended, allowing general consumers to more easily get their hands on the powerful GPUs they’ve likely been after for months. We’ve contacted AMD for a comment.

  • Best GPUs: these are the best graphics cards for gaming

Date

23 Apr 2021

Sources

Share

Other Blog

  • Google wants secure open-source software to be the future

    After attending the recent White House Open Source Software Security Summit, Google is now calling for a public-private partnership to not only fund but also staff essential open-source projects.

    In a new blog post, president of global affairs and chief legal officer at both Google and Alphabet, Kent Walker laid out the search giant's plans to better secure the open-source software ecosystem.

    For too long, businesses and governments have taken comfort in the assumption that open source software is generally secure due to its transparent nature. While many believe that more eyes watching can help detect and resolve problems in the open source community, some projects actually don't have many eyes on them while others have few or none at all.

    To its credit, Google has been working to raise awareness of the state of open source security and the company has invested millions in developing frameworks and new protective tools. However, the Log4j vulnerability and others before it have shown that more work is needed across the ecosystem to develop new models to maintain and secure open source software.

    Public-private partnership 

    In his blog post, Kent proposes creating a new public-private partnership to identify a list of critical open source projects to help prioritize and allocate resources to ensure their security.

    In the long term though, new ways of identifying open source software and components that may pose a system risk need to be implemented so that the level of security required can be anticipated and the appropriate resources can be provided.

    At the same time, security, maintenance and testing baselines need to be established across both the public and private sector. This will help ensure that national infrastructure and other important systems can continue to rely on open source projects. These standards also should be developed through a collaborative process according to Kent with an “emphasis on frequent updates, continuous testing and verified integrity”. Fortunately, the software community has already started this work with organizations like OpenSFF working across industry to create these standards.

    Now that Google has weighed in on the issue of open source security, expect other tech giants like Microsoft and Apple to propose their own ideas regarding the matter.

    We've also rounded up the best open source software and the best business laptops

    Read More

  • AMD Radeon RX 6800 XT GPU price in India announced

    AMD has announced the India price of Radeon RX 6800 XT GPU which directly competes with the Nvidia RTX 3080.

    Read More

  • Move over Intel, the new Razer Blade 14 is finally powered by AMD Ryzen

    The new Razer Blade 14 isn't just thin and light, but it also packs the most powerful laptop hardware on the market today.

    Read More

  • This Huawei LTE USB stick has a serious security flaw

    Sloppy permissions on a critical file makes the vulnerability rather easy to exploit.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us