Evidence Suggests Report on AMD Security Was Financially Motivated

Author Photo
Mar 13

[UPDATE 12:10 AM Wednesday, March 14, 2018 Eastern Time (ET)]

Based on the latest available information, wccftech.com now believes that the publication of a whitepaper by CTS Labs regarding 13 alleged security issues with AMD processors this past Tuesday morning may have been financially motivated and linked to illegal AMD stock manipulation activity.

CTS Labs gave AMD and other parties involved only 24 hours to respond to its claims, whilst the researchers that discovered the Meltdown and Spectre vulnerabilities last year gave the industry 6 months to find solutions and develop workarounds.

amd-zen-ryzen-benchmarks-featureRelatedAMD Ryzen 7 2700X 3DMark Benchmarks Leaked, 18% Faster vs 1700X & Cheaper

CTS Labs has also explicitly declared potential financial interest in the companies they research, and so far they have published only one research report involving one company, AMD.

CTS Labs has issued the following disclaimer
“Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports”

Additionally, mere minutes after the the publication of the CTS Labs whitepaper yesterday morning we saw Viceroy Research, a company currently under investigation by the SEC for illegal market activities as well as an infamous stock shorter, publish their own multi-page report calling for AMD to cease sale of all its latest CPU products, declaring a $0 price target on the stock and warning of “imminent bankruptcy”.

Suffice to say we thought that the situation surrounding these security flaws was dubious to say the least at first glance, but also believed there was some merit to some of the exploits reported. Since then we’ve learned that the majority of the alleged “fatal security flaws” reported require administrative privileges and in many cases even require the user to actively flash their BIOS with an unsigned file containing malicious code.

5qs3zk5dv2eeiu5tRelatedAMD Aggressively Taking CPU Share From Intel, Reportedly on Track to Return to its Athlon64 Heydays

None of which is required for Meltdown and Spectre and something we believe is unrealistic in a real-world setting. Furthermore, none of the security issues can penetrate into kernel memory.  and kernel memory, again unlike Spectre or Meltdown.

As such, we believe the report was both exaggerated and misleading and we’d urge caution surrounding any future reports from this self-proclaimed security research company.

You will find the original article as published on Tuesday morning below.

A new report published by Tel Aviv based security company CTS-Labs alleges discovering 13 fatal security flaws in AMD’s new lineup of Ryzen and EPYC processors. The report claims these 13 security vulnerabilities fall under four distinct classes which the company has dubbed Ryzenfall, Masterkey, Fallout and Chimera.

The vulnerabilities don’t affect AMD’s Zen CPU cores themselves but rather two other chips which are part of the Rzyen and EPYC system. The first is the ARM based AMD Secure Processor and the second is the ASMedia Promontory chipset.

CTS-Labs has given AMD 24 hours to respond to its report, which is substantially short of the standard 90 day period for security disclosures.  No official reason was given by CTS Labs for the shorted period provided. In the meantime, AMD is offering the following statement on the issue :

“At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings,”

AMD Secure Processor

The AMD Secure Processor is a small ARM core built into AMD’s Zeppelin die, which powers AMD’s Ryzen and EPYC processors, as well as the Raven Ridge die, which powers the company’s Ryzen APU product lineup.

The secure processor is allegedly susceptible to vulnerabilities that could allow hackers to infiltrate protected networks by bypassing Microsoft’s Windows Credential Guard. They could also bypass Secure Encrypted Virtualization on EPYC chips. Additionally, hackers allegedly may be able to gain full access to physical memory, peripherals and fTPM. Finally, malicious code could be executed on EPYC secure processor.

AMD Ryzen “Promontory” Chipset

This is what we used to call the southbridge in the old days. It’s the chip that links Ryzen to the rest of the motherboard I/O, including Wifi, storage and internal extension cards. The report alleges that the Promontory chipset, designed and manufactured by Asus subsidiary ASMedia, has several expolitable backdoors which could allow hackers to execute malicious code on the chip.

Press Release

March 13, 2018 10:00 AM Eastern Daylight Time

TEL AVIV, Israel–(BUSINESS WIRE)–CTS Labs, a cyber-security research firm and consultancy, today released a severe security advisory on Advanced Micro Devices, Inc. (“AMD” or “the Company”) (NASDAQ:AMD) processors.

A CTS Labs security audit revealed multiple critical security vulnerabilities and manufacturer backdoors in AMD’s latest EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile processors. These vulnerabilities have the potential to put organizations at significantly increased risk of cyber-attacks.

CTS Labs has produced a white paper report further detailing these vulnerabilities available at amdflaws.com. CTS Labs has also shared this information with AMD, Microsoft, HP, Dell, and select security companies, in order that they may work on developing mitigations and patches, and examine and research these and any other potential vulnerabilities at the Company. CTS Labs has also shared this information with relevant U.S. regulators.

CTS Labs is a cyber-security research firm and consultancy based in Tel Aviv, Israel specializing in hardware and embedded systems security. For more information about CTS Labs, please see cts-labs.com.

AMD Ryzen & EPYC CPUs Allegedly Subject To Ryzenfall, Masterkey, Fallout and Chimera Vulnerabilities



This vulnerability allegedly allows hackers to take control of the Secure Processor and use its privileges to read and write in protected memory areas, namely the SMRAM and the Windows Credential Guard memory.

Hackers could also bypass the Windows Credntial Guard to steal network credentials and infeltrate secure Windows networks.
Ryzenfall can be used in conjuction with another vulnerability, Masterkey, to install persistent malware on the Secure Processor which can be used to spy on the system’s activities for extended periods of time.
Ryzenfall affects Zeppelin and Raven Ridge based products, like Ryzen, Ryzen Pro and Ryzen Threadripper.


Similarly to Ryzenfall, Fallout allows hackers to read and write from and onto protected memory areas, such as SMRAM and Windows Credential Guard isolated memory (VTL-1) as well as steal network credentials protected by Windows Credential Guard.
It can also be used to bypass BIOS flashing protections implemented in SMM.
Fallout affects AMD’s EPYC chips.



Chimera consists of two backdoors, one firmware based and one hardware based.The backdoors allow hackers to inject the Ryzen Promontry chipset with malicious code and launch attacks via USB, SATA, PCIe devices and through Network, WiFi & Bluetooth.
An infected chipset can be used to launch DMA — Direct Memory Access — based attacks on the OS. This vulnerability affects desktop Ryzen based systems.


Masterkey consists of multiple vulnerabilities in the Secure Processor firmware which would allow hackers to attackers to infiltrate it and infect with malware as well as bypass firmware based security features, including Secure Encrypted Virtualization SEV and Firmware Trust Platform Module fTPM. This vulnerability can be exploited to steal network credentials and even brick hardware by corrupting the firmware code.
This vulnerability affects EPYC, desktop Ryzen and to a lesser extent mobile Ryzen and Ryzen Pro.


Can It Be Fixed?

CTS Labs claims that Ryzenfall, Masterkey and Fallout can be fixed via firmware updates, but could take several months for those fixes to be delivered. Chimera on the other hand reportedly can’t be fixed directly because it’s a hardware issue but can be addressed with a workaround. Although, CTS Labs alleges this may produce side affects and could prove difficult to achieve.