Security Firm Claims AMD Chips Have Critical Vulnerabilities


AMD has found itself dragged into a security controversy of its own this week, after a questionable research firm known as CTS Labs published a paper claiming to detail four vulnerabilities in Zen-based processors, which was immediately followed up by a report from Viceroy Research.

Customers running servers using Epyc, AMD's x86 server processor based on the company's Zen microarchitecture introduced the previous year, or using hardware running on the Ryzen chipset in workstations, laptops or mobile devices could be vulnerable.

Chart illustrating which products are affected by which vulnerabilities, credit CTS Labs.

All of the vulnerabilities require an attacker to already have gained administrator access to a machine, and the "MasterKey" vulnerability requires BIOS flashing in order to exploit. All four lead directly into the secure portion of AMD processors, where sensitive data like passwords and encryption keys are stored, but they achieve their goals in different ways. The newly announced flaws in AMD's Ryzen and EPYC processors are no exception to this rule; in fact, their revelation was even more focused on garnering attention from the public than many other disclosures. "An attacker could sit there for years without ever being detected". Instead of waiting a full year to reveal these vulnerabilities, CTS Labs made a decision to inform the public of its discovery. The vulnerabilities in the hardware can't be fixed.

Under the Ryzenfall category, CTS Labs claimed that malicious code could be used to take over the AMD Secure Processor; privileges of this processor could be used to write into protected memory areas; Windows Credential Guard could be bypassed and network credentials stolen; and Ryzenfall could be used along with Masterkey to install persistent malware on the Secure processor.

Considering the "risk" involved, it is surprising that CTS Labs went public with their finding just 24 hours after notifying AMD. The folks at GamersNexus spoke to a few security experts about the matter, and rightly pointed out that if you have physical access to a system, then you could run malware on a PC of any kind, whether it is powered by AMD or not.

"Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik [as far as I know]), and their exploit code works", Guido said on Twitter.

Why CTS Labs ignored the standard practice of giving a vendor a 90 day window to address the flaws isn't very clear.

Also, CTS Labs has asked everyone to look at the situation objectively, as AMD customers and the company itself are aware of the exploits.

"Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports", CTS Labs says.

iTWire has sought clarification from CTS Labs on various aspects of the disclosures, including matters surrounding them which have been raised by various security researchers.

The other piece of good news is that the security firm CTS-Labs chose to redact the technical information around the vulnerabilities. This will hopefully prevent hackers from exploiting the vulnerabilities.

This comes in sharp contrast to the way the disclosure of the Meltdown and Spectre chip vulnerabilities was handled.

Fallout also allows attackers to get access to protected data on AMD's CPUs, but it only applies to the Epyc processors.

It's unclear how long it would take to fix these issues.

However, CTS Labs claims that its actions are meant to highlight what is described as AMD's "disregard of fundamental security principles" in the hope that the security community takes note. Intel and Microsoft are still managing patches for Meltdown and Spectre, as the initial patches they released caused more problems than they solved.
