CTS Labs' disclosure of supposed AMD security flaws looks shady


The allure of wall-to-wall coverage from technology media, particularly after high-profile, highly-produced vulnerability disclosures such as Meltdown and Spectre, Heartbleed, and POODLE, may be attracting groups with ulterior motives, as shown by the highly irregular release of a series of exploits which affect AMD's EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile processors.

Under the category Masterkey, CTS Labs claimed that a number of flaws in the firmware of the secure processor would allow attackers to gain access to this processor; that stealthy and persistent malware could reside in this area; that AMD's firmware-based security features like Secure Encrypted Virtualisation and Firmware Trusted Platform Module could be tampered with; that network credential theft was possible; and that hardware could be physically damaged and bricked.

To get there, an attacker needs administrator access, either directly or remotely, in order to flash a computer's motherboard BIOS.

Moreover, they claim the vulnerabilities lie in the "secure" part of the processor - a place where your chip stores things like encryption keys, or checks on boot, to see if you have any malicious code running. This can also be used by attackers to bypass Windows Credential Guard and infiltrate secure networks. The three Masterkey vulnerabilities enable "three distinct pathways to bypass Hardware Validated Boot on EPYC and Ryzen and achieve arbitrary code execution on the Secure Processor itself".

It continues: "The Fallout vulnerabilities allow access to protected memory regions that are otherwise sealed off by hardware".

"The chipset links the CPU to USB, SATA, and PCI-E devices". Because Wi-Fi, network and Bluetooth traffic flows through the chipset, an attacker could use that to infect your device, the researchers said. "An attacker could leverage the chipset's middleman position to launch sophisticated attacks", they said.

So in a nutshell, this suite of vulnerabilities looks to be pretty bad news for AMD.


The AMD Secure Processor is also allegedly at risk from another set of flaws that CTS Labs has dubbed Masterkey. It's also worth noting that AMD has been made aware of the issues, as have United States regulators and "select security companies" that could help mitigate the fallout. An AMD spokesperson told CNET: "At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise".

An AMD spokesman said that it was still "investigating this report, which we just received, to understand the methodology and merit of the findings".

KitGuru says: While there is plenty of reason to be suspicious of CTS Labs, Viceroy Research and the claims being made in their public papers, it is important to note that the vulnerabilities outlined could still be real.

Chart illustrating which products are affected by which vulnerabilities, credit CTS Labs.

We are not saying someone is deliberately trying to undermine AMD, but the evidence hints that something is fishy here. When CTS Labs announced the news, it already had a website (AMDFlaws.com) along with several videos and presentations pertaining to these AMD vulnerabilities. These flaws could potentially allow attackers to insert malware into a system that could be impossible to detect and would have direct access to a system's confidential and sensitive data. "It is our view that the existence of these vulnerabilities betrays disregard of fundamental security principles".

"When we were looking into the security of chips made by a Taiwanese company called ASMedia, we discovered that many of ASMedia's products contain backdoors that could be used by hackers to inject malicious code into the chip", said Ido Li On, chief executive of CTS-Labs. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings.
