https://www.extremetech.com/computing/265582-everything-surrounding-new-amd-security-allegations-reeks-hit-job
CTS-Labs has accused AMD of 13 serious security flaws within its products.
Under standard operating procedure in security disclosures, vendors are typically given at least a 90-day window to implement solutions. But in this case, AMD was notified a day ahead of the disclosure.
23 Comments
Tomi Engdahl says:
Assassination Attempt on AMD by Viceroy Research & CTS Labs, AMD “Should Be $0”
https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs
Here’s a histrionic quote for you: “AMD must cease the sale of Ryzen and EPYC chips in the interest of public safety.”
That’s a real quote from Viceroy Research’s deranged, apoplectic report on CTS Labs’ security allegations against AMD’s Ryzen architecture. The big story today seemed to mirror Meltdown, except for AMD: CTS Labs, a research company supposedly started in 2017, has launched a report declaring glaring security flaws for AMD’s processors. By and large, the biggest flaw revolves around the user installing bad microcode.
There are roots in legitimacy here, but as we dug deep into the origins of the companies involved in this new hit piece on AMD, we found peculiar financial connections that make us question the motive behind the reportage.
Tomi Engdahl says:
By the way, AMD stock value is going down at the moment (almost 3 percent today after)
Tomi Engdahl says:
A primary concern is the window of time provided to AMD: For Spectre and Meltdown, AMD, ARM, and Intel were provided minimally six months to build security patches prior to the public unveiling of exploits. This is in the best interest of the public. CTS Labs, meanwhile, purportedly unveiled its findings to press and analysts prior to reporting the alleged exploit to AMD. AMD was given 24 hours notice before the news embargo lift on the story, which is clearly not enough time to respond to such allegations.
Tomi Engdahl says:
New post
CTS-Labs turns out to be the company that produced the CrowdCores Adware
https://imgur.com/a/2cV3k
Tomi Engdahl says:
New Found Spectre-Like Security Exploits For AMD CPUs Might Be Fake
https://segmentnext.com/2018/03/14/spectre-vulnerabilities-amd-cpus-fake/
Just recently CTS Lab published a report detailing the Spectre-like security exploits for virtually every AMD CPU, however, the legitimacy of these has been questioned and there is a chance that these exploits could very well be fake.
Before we make our point regarding these exploits being potentially fake, take a look at the video below, which was released by CTS Lab detailing the Spectre-like exploits for AMD CPUs. Paying attention to the technicalities is not necessary; all you have to do is watch it.
https://www.youtube.com/watch?v=pgYhOwikuGQ
Now that you have seen the video, take a look at the image below, which will make you realize that the video was produced using green screens, with stock office and server images applied to the background of the video.
Tomi Engdahl says:
However, this doesn’t necessarily mean that the exploits are all made up; they might exist, but their impact on AMD CPUs might not be the same or as much as CTS Lab is making it out to be. Also, this comes just weeks before AMD releases its Ryzen 2 CPUs and APUs.
Tomi Engdahl says:
CTS Lab Sent Out “Complete Research Package” For Spectre-Like Exploits To AMD And Other Tech Companies
https://segmentnext.com/2018/03/14/cts-lab-proof-concept-code-amd-spectre/
CTS Lab is the Israeli security firm that published the report revealing the critical Spectre like exploits to which virtually all AMD CPUs are vulnerable, however, questions were raised due to the lack of proof-of-concept for the security exploits and some started to question the legitimacy of the report and the firm itself.
However, the firm has revealed that it has sent out the proof-of-concept for the Spectre like exploits to not only AMD but to other major tech companies.
In a statement to Techpowerup, the firm said that it has sent out a “complete research package” to AMD, Microsoft, HP, Dell, Symantec, FireEye, and Cisco Systems, which includes full technical write-ups about the vulnerabilities and functional proof-of-concept exploit code, along with instructions detailing how to recreate the exploits.
However, the security firm was somewhat criticized over giving AMD just 24 hours before making the report public because usually, the firms give 90 days margin to the company before the report is made public.
Tomi Engdahl says:
https://amdflaws.com/
Tomi Engdahl says:
On AMD Flaws from CTS Labs
https://doublepulsar.com/on-amd-flaws-from-cts-labs-f167ea00e4e8
Some initial technical analysis from me.
All of the bugs require administrator (or root) access to exploit. This is a significant mitigation.
All of the bugs require the ability to execute code. This is a significant mitigation.
No proof of concept code has been provided.
No technical information has been published.
Nothing is in the wild for this.
It could not lead to a global cyber attack like WannaCry, as it does not provide code execution.
Tomi Engdahl says:
In terms of disclosure, this happened with full press releases to major media organisations and no independent analysis of facts, or demonstrations of the vulnerabilities. The website makes extreme claims about the vulnerabilities.
Tomi Engdahl says:
“Fake News” smear campaign targets AMD this time around.
http://forum.notebookreview.com/threads/fake-news-smear-campaign-targets-amd-this-time-around.814473/
Tomi Engdahl says:
Assassination Attempt on AMD by Viceroy Research & CTS Labs, AMD “Should Be $0”
https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs#!/ccomment-page=1
Tomi Engdahl says:
Assassination Attempt on AMD by Viceroy Research & CTS Labs
https://www.youtube.com/watch?v=ZZ7H1WTqaeo
Tomi Engdahl says:
AMD stock
https://finance.yahoo.com/quote/AMD/
Tomi Engdahl says:
AMD Flaws Overview
https://www.youtube.com/watch?v=BDByiRhMjVA
Tomi Engdahl says:
http://ir.amd.com/news-releases/news-release-details/view-our-corner-street-0
Tomi Engdahl says:
Everything Surrounding These New AMD Security Allegations Reeks of a Hit Job
https://www.extremetech.com/computing/265582-everything-surrounding-new-amd-security-allegations-reeks-hit-job
Tomi Engdahl says:
CTS Labs Provides Clarifications on AMD Chip Flaws
https://www.securityweek.com/cts-labs-provides-clarifications-amd-chip-flaws
As a result of massive backlash from the industry, Israel-based security firm CTS Labs has provided some clarifications about the recently disclosed AMD processor vulnerabilities and its disclosure method.
CTS Labs this week published a report providing a brief description of 13 critical vulnerabilities and backdoors found in EPYC and Ryzen processors from AMD. The flaws can allegedly be exploited for arbitrary code execution, bypassing security features, stealing data, helping malware become resilient against security products, and damaging hardware.
The vulnerabilities affect AMD’s Secure Processor, an environment where critical tasks are executed in order to secure the storage and processing of sensitive data and applications. The flaws have been dubbed MASTERKEY, RYZENFALL, FALLOUT and CHIMERA, and exploiting them requires elevated privileges to the targeted machine.
AMD was only notified 24 hours before the vulnerabilities were disclosed, but no technical details have been published in order to prevent exploitation for malicious purposes.
CTS Labs was only launched recently and its founders’ work experience has raised some questions. This, combined with the lack of technical details in the report has made many people doubt that the vulnerabilities exist or that they are as critical as the company claims.
However, Dan Guido, CEO of Trail of Bits, and Alex Ionescu, a reputable researcher and Windows security expert, have confirmed CTS Labs’ findings after reviewing technical information provided by the company. Guido was paid to review the work, but Ionescu said he wasn’t.
CTS Labs has come under fire for not giving AMD time to release patches before its disclosure. A
In response to criticism, CTS Labs CTO Ilia Luk-Zilberman argued that the company’s approach to “responsible disclosure” is more beneficial for the public.
Luk-Zilberman admitted that CTS should have asked several third-parties to confirm its findings before going public in order to convince everyone that their claims are true.
While the CTO’s argument might make sense, many members of the industry are not convinced, particularly due to CTS’s disclaimer claiming that it may have, “either directly or indirectly, an economic interest in the performance of the securities [of AMD].” There is also the report from Viceroy, which attempts to persuade that “AMD is worth $0.00 and will have no choice but to file for Chapter 11 (Bankruptcy) in order to effectively deal with the repercussions of recent discoveries.”
In an update posted on its AMDflaws.com website, CTS claimed that exploitation of the vulnerabilities does not require physical access; executing a file with local admin privileges on the targeted machine is enough.
https://amdflaws.com/
Tomi Engdahl says:
“A new low” – Linus Torvalds lashes out very harshly at the finders of the AMD flaw
https://www.is.fi/digitoday/tietoturva/art-2000005605980.html?ref=rss
Tomi Engdahl says:
AMD Chip Flaws Confirmed by More Researchers
https://www.securityweek.com/amd-chip-flaws-confirmed-more-researchers
Another cybersecurity firm has independently confirmed some of the AMD processor vulnerabilities discovered by Israel-based CTS Labs, but the controversial disclosure has not had a significant impact on the value of the chip giant’s stock.
CTS Labs last week published a brief description of 13 allegedly critical vulnerabilities and backdoors found in EPYC and Ryzen processors from AMD. The company says the flaws can be exploited for arbitrary code execution, bypassing security features (e.g. Windows Defender Credential Guard, Secure Boot), stealing data, helping malware become resilient against security products, and damaging hardware.
The flaws have been dubbed MASTERKEY, RYZENFALL, FALLOUT and CHIMERA, and exploiting them requires elevated privileges to the targeted machine — physical access is not required. The security firm will not disclose technical details any time soon in order to prevent abuse.
CTS Labs, which no one heard of until last week, came under fire shortly after its disclosure for giving AMD only a 24-hour notice before going public with its findings, and for apparently attempting to short AMD stock. The company later made some clarifications regarding the flaws and its disclosure method.
Trail of Bits was the first to independently review the findings. The company, which has been paid for its services, has confirmed that the proof-of-concept (PoC) exploits developed by CTS Labs work as intended, but believes that there is “no immediate risk of exploitation of these vulnerabilities for most users.”
“Even if the full details were published today, attackers would need to invest significant development efforts to build attack tools that utilize these vulnerabilities. This level of effort is beyond the reach of most attackers,” Trail of Bits said in a blog post.
“In our opinion the original CTS Labs report might have been problematically phrased in a way that misrepresented the threat model and impact that the RYZENFALL-1 and RYZENFALL-3 vulnerabilities present,” Check Point said in a blog post. “However, problematic phrasing aside, after inspecting the technical details of the above, we can indeed verify that these are valid vulnerabilities and the risks they pose should be taken under consideration.”
“AMD Flaws” Technical Summary
https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/
Technical Summary
The security architecture of modern computer systems is based on a defense in depth. Security features like Windows Credential Guard, TPMs, and virtualization can be used to prevent access to sensitive data from even an administrator or root.
The AMD Platform Security Processor (PSP) is a security coprocessor that resides inside AMD CPUs and is implemented as a separate ARM CPU. It is similar to Intel ME or the Apple Secure Enclave. It runs applications that provide security features like the TPM or Secure Encrypted Virtualization. The PSP has privileged access to the lowest level of the computer system.
The PSP firmware can be updated through a BIOS update, but it must be cryptographically signed by AMD. Physical access is usually not required to update the BIOS and this can be done with administrator access to the computer. The MASTERKEY vulnerability bypasses the PSP signature checks to update the PSP with the attacker’s firmware. Cfir Cohen on the Google Cloud Security Team discovered a similar issue in an adjacent area of the AMD PSP in September 2017.
The PSP also exposes an API to the host computer. The FALLOUT and RYZENFALL vulnerabilities exploit the PSP APIs to gain code execution in the PSP or the SMM.
The “chipset” is a component on the motherboard used to broker communication between the processor, memory, and peripherals. The chipset has full access to the system memory and devices. The CHIMERA vulnerability abuses exposed interfaces of the AMD Promontory chipset to gain code execution in the chipset processor.
Exploitation requirements
All exploits require the ability to run an executable as admin (no physical access is required)
MASTERKEY additionally requires issuing a BIOS update + reboot
Tomi Engdahl says:
AMD Confirms Chip Vulnerability, Says Report Exaggerated Danger
https://www.bloomberg.com/news/articles/2018-03-20/amd-confirms-chip-vulnerability-says-report-exaggerated-danger
Company asking for investigation of unusual stock trading
All potential exploits to be fixed with software within weeks
Advanced Micro Devices Inc., Intel Corp.’s main rival in computer microprocessors, said a report earlier this month alleging that its chips have widespread, fundamental vulnerabilities greatly exaggerated the severity of the threat.
There are 13 potential exploits that will be fixed within weeks through software updates, the chipmaker said Tuesday in a statement. There’s no evidence that any of those holes has been used for malevolent purposes, and it would be extremely difficult to use any of them to attack computers, the Sunnyvale, California-based company said. AMD saw reports of unusual trading activity in its stock about a week ago when an Israeli company called CTS Labs went public with a report on the flaws and has reported it to the relevant authorities.
Tomi Engdahl says:
“It’s important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system,” AMD’s Chief Technology Officer Mark Papermaster said in the statement.
Tomi Engdahl says:
AMD Says Patches Coming Soon for Chip Vulnerabilities
https://www.securityweek.com/amd-says-patches-coming-soon-chip-vulnerabilities
AMD Chip Vulnerabilities to be Addressed Through BIOS Updates – No Performance Impact Expected
After investigating recent claims from a security firm that its processors are affected by more than a dozen serious vulnerabilities, chipmaker Advanced Micro Devices (AMD) on Tuesday said patches are coming to address several security flaws in its chips.
In its first public update after the surprise disclosure of the vulnerabilities by Israeli-based security firm CTS Labs, AMD said the issues are associated with the firmware managing the embedded security control processor in some of its products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.
AMD attempted to downplay the risks, saying that any attacker gaining administrative access could have a wide range of attacks at their disposal “well beyond the exploits identified in this research.”
“Further, all modern operating systems and enterprise-quality hypervisors today have many effective security controls, such as Microsoft Windows Credential Guard in the Windows environment, in place to prevent unauthorized administrative access that would need to be overcome in order to affect these security issues,” the notice continued.
“Even if the full details were published today, attackers would need to invest significant development efforts to build attack tools that utilize these vulnerabilities. This level of effort is beyond the reach of most attackers,” Trail of Bits added.
Check Point has also confirmed two of the RYZENFALL vulnerabilities following its own review.
“This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings,” AMD stated last week.
Some have compared the recent AMD vulnerabilities to Meltdown and Spectre, which impact CPUs from Intel, AMD, ARM and others. However, some argued that the issues disclosed by CTS Labs are nowhere near as severe due to the fact that they mostly impact AMD’s Secure Processor technology rather than the hardware itself.