Evidence Suggests Report on AMD Security Was Financially Motivated
[UPDATE 12:10 AM Wednesday, March 14, 2018 Eastern Time (ET)]
Based on the latest available information, wccftech.com now believes that the publication of a whitepaper by CTS Labs regarding 13 alleged security issues with AMD processors this past Tuesday morning may have been financially motivated and linked to illegal AMD stock manipulation activity.
CTS Labs gave AMD and other parties involved only 24 hours to respond to its claims, whilst the researchers that discovered the Meltdown and Spectre vulnerabilities last year gave the industry 6 months to find solutions and develop workarounds.
CTS Labs has also explicitly declared potential financial interest in the companies they research, and so far they have published only one research report involving one company, AMD.
CTS Labs has issued the following disclaimer
"Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports"
Additionally, mere minutes after the the publication of the CTS Labs whitepaper yesterday morning we saw Viceroy Research, a company currently under investigation by the SEC for illegal market activities as well as an infamous stock shorter, publish their own multi-page report calling for AMD to cease sale of all its latest CPU products, declaring a $0 price target on the stock and warning of "imminent bankruptcy".
Suffice to say we thought that the situation surrounding these security flaws was dubious to say the least at first glance, but also believed there was some merit to some of the exploits reported. Since then we've learned that the majority of the alleged "fatal security flaws" reported require administrative privileges and in many cases even require the user to actively flash their BIOS with an unsigned file containing malicious code.
None of which is required for Meltdown and Spectre and something we believe is unrealistic in a real-world setting. Furthermore, none of the security issues can penetrate into kernel memory. and kernel memory, again unlike Spectre or Meltdown.
As such, we believe the report was both exaggerated and misleading and we'd urge caution surrounding any future reports from this self-proclaimed security research company.
You will find the original article as published on Tuesday morning below.
A new report published by Tel Aviv based security company CTS-Labs alleges discovering 13 fatal security flaws in AMD's new lineup of Ryzen and EPYC processors. The report claims these 13 security vulnerabilities fall under four distinct classes which the company has dubbed Ryzenfall, Masterkey, Fallout and Chimera.
The vulnerabilities don't affect AMD's Zen CPU cores themselves but rather two other chips which are part of the Rzyen and EPYC system. The first is the ARM based AMD Secure Processor and the second is the ASMedia Promontory chipset.
CTS-Labs has given AMD 24 hours to respond to its report, which is substantially short of the standard 90 day period for security disclosures. No official reason was given by CTS Labs for the shorted period provided. In the meantime, AMD is offering the following statement on the issue :
"At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings,"
AMD Secure Processor
The AMD Secure Processor is a small ARM core built into AMD's Zeppelin die, which powers AMD's Ryzen and EPYC processors, as well as the Raven Ridge die, which powers the company's Ryzen APU product lineup.
The secure processor is allegedly susceptible to vulnerabilities that could allow hackers to infiltrate protected networks by bypassing Microsoft's Windows Credential Guard. They could also bypass Secure Encrypted Virtualization on EPYC chips. Additionally, hackers allegedly may be able to gain full access to physical memory, peripherals and fTPM. Finally, malicious code could be executed on EPYC secure processor.
AMD Ryzen "Promontory" Chipset
This is what we used to call the southbridge in the old days. It's the chip that links Ryzen to the rest of the motherboard I/O, including Wifi, storage and internal extension cards. The report alleges that the Promontory chipset, designed and manufactured by Asus subsidiary ASMedia, has several expolitable backdoors which could allow hackers to execute malicious code on the chip.
March 13, 2018 10:00 AM Eastern Daylight Time
TEL AVIV, Israel--(BUSINESS WIRE)--CTS Labs, a cyber-security research firm and consultancy, today released a severe security advisory on Advanced Micro Devices, Inc. (“AMD” or “the Company”) (NASDAQ:AMD) processors.
A CTS Labs security audit revealed multiple critical security vulnerabilities and manufacturer backdoors in AMD’s latest EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile processors. These vulnerabilities have the potential to put organizations at significantly increased risk of cyber-attacks.
CTS Labs has produced a white paper report further detailing these vulnerabilities available at amdflaws.com. CTS Labs has also shared this information with AMD, Microsoft, HP, Dell, and select security companies, in order that they may work on developing mitigations and patches, and examine and research these and any other potential vulnerabilities at the Company. CTS Labs has also shared this information with relevant U.S. regulators.
CTS Labs is a cyber-security research firm and consultancy based in Tel Aviv, Israel specializing in hardware and embedded systems security. For more information about CTS Labs, please see cts-labs.com.
AMD Ryzen & EPYC CPUs Allegedly Subject To Ryzenfall, Masterkey, Fallout and Chimera Vulnerabilities
Hackers could also bypass the Windows Credntial Guard to steal network credentials and infeltrate secure Windows networks.
Ryzenfall can be used in conjuction with another vulnerability, Masterkey, to install persistent malware on the Secure Processor which can be used to spy on the system's activities for extended periods of time.
Ryzenfall affects Zeppelin and Raven Ridge based products, like Ryzen, Ryzen Pro and Ryzen Threadripper.
Fallout affects AMD's EPYC chips.
Chimera consists of two backdoors, one firmware based and one hardware based.The backdoors allow hackers to inject the Ryzen Promontry chipset with malicious code and launch attacks via USB, SATA, PCIe devices and through Network, WiFi & Bluetooth.
An infected chipset can be used to launch DMA -- Direct Memory Access -- based attacks on the OS. This vulnerability affects desktop Ryzen based systems.
Can It Be Fixed?
CTS Labs claims that Ryzenfall, Masterkey and Fallout can be fixed via firmware updates, but could take several months for those fixes to be delivered. Chimera on the other hand reportedly can't be fixed directly because it's a hardware issue but can be addressed with a workaround. Although, CTS Labs alleges this may produce side affects and could prove difficult to achieve.