
Zen processor exploits brought to light


Another name for this thread could have been, Intel hires Israeli firm to redirect attention to AMD. :sun:






45 minutes ago, Massdriver said:

This seems highly suspect to say the least. 

In what way?


Reading more about it I see why you'd say that.


The vulnerabilities may well be real, I think that will have to be investigated by third parties. Whatever the case, this security company or whoever is behind them seems to have it out for AMD. Between the 24-hour notice and the things said in the white paper and on the website, it seems like they're really trying to drag AMD down.


For example, on the website it warns that those affected are "Any consumer or organization purchasing AMD Servers, Workstations, or Laptops are affected by these vulnerabilities." That's a very weird way to word that, since those most at risk would be those that actually own a device powered by one of these specific AMD processors.


In the whitepaper, they warn that "these vulnerabilities have the potential to put organizations at significantly increased risk of cyber-attacks" and that "many of the vulnerabilities described in this document are indications of poor security practices and insufficient security quality controls." Compared to the very scholarly approach we saw in the Meltdown whitepaper, this one seems malicious.


Since you need administrative privileges on the machine in order to exploit these, I'd say that they're not super critical issues, even if true.



What Happens Now

As this news went live, we got in contact with AMD, who told us they have an internal team working on the claims of CTS-Labs. The general feeling is that they have been somewhat blindsided by all of this, given the limited time from notice to disclosure, and are using the internal team to validate the claims made. CTS-Labs states that it has shared the specific methods it used to identify and exploit the processors with AMD, as well as sharing the details with select security companies and the US regulators.


All of the exploits require elevated administrator access, with MasterKey going as far as a BIOS reflash on top of that. CTS-Labs goes on the offensive however, stating that it ‘raises concerning questions regarding security practices, auditing, and quality controls at AMD’, as well as saying that the ‘vulnerabilities amount to complete disregard of fundamental security principles’. This is very strong wording indeed, and one might have expected that they might have waited for an official response. The other angle is that given Spectre/Meltdown, the '1-day' disclosure was designed for the maximum impact. Just enough time to develop a website, anyway.


CTS-Labs is very forthright with its statement, having seemingly pre-briefed some press at the same time it was notifying AMD, and directs questions to its PR firm. The full whitepaper can be seen here, at safefirmware.com, a website registered on 6/9 with no home page and seemingly no link to CTS-Labs. Something doesn't quite add up here.

AMD have us on speed-dial for when an official statement is released.





This all seems to be a very well produced announcement of these issues if those do in fact exist. I am getting with our security expert today in order to discuss the validities of these complaints. No matter what becomes of that, this is a very odd way of announcing security issues. Simply announcing these types of issues with no forewarning is also considered extremely irresponsible and AMD did not get warning of more than 24 hours in advance. We will be reaching out to AMD for further comment, but I doubt we will hear much since it will have to take time to validate and investigate.


The AMDFlaws.com domain was registered with GoDaddy on the 22nd of February and ownership of that domain is hidden by Domains By Proxy, LLC. That again strikes me as odd for a security company to hide the identity of domain ownership.





Still, Dan Guido, a chip security expert and the CEO of security firm Trail of Bits, told Ars that whatever ulterior motives it may have, the paper accurately describes a real threat. After spending much of last week testing the proof-of-concept exploits discussed in the paper, he said, he has determined that the vulnerabilities they exploit are real.


"All the exploits work as described," he said. "The package that was shared with me had well-documented, well-described write-ups for each individual bug. They're not fake. All these things are real. I'm trying to be a measured voice. I'm not hyping them. I'm not dismissing them."


Once hackers gain low-level access to a targeted network, they typically collect as much data as they can as quickly as they can in hopes of elevating their privileges. All that's required to exploit the AMD chip vulnerabilities, Guido said, is a single administrator credential inside the network.


"Once you have administrative rights, exploiting the bugs is unfortunately not that complicated," he said.


Not so fast


Other researchers played down the severity of the flaws and questioned the veracity of the report, which was published the same day that short seller Viceroy Research issued a report saying AMD shares might lose all their value. AMD shares initially fell following publication of the reports, but they eventually closed higher. The report's critics, meanwhile, said the requirement that an attacker already have administrative rights meant the vulnerabilities weren't as severe as portrayed.


"All the exploits require root access," said David Kanter, a chip expert who is founder of Real World Technologies. "If someone already has root access to your system, you're already compromised. This is like if someone broke into your home and they got to install video cameras to spy on you."


Still, Kanter agreed with Guido that the vulnerabilities were a major embarrassment for AMD, particularly because most of them reside in the Platform Secure Processor, which is AMD's version of the secure enclave in the iPhone. Unlike Apple, which custom-designed its secure enclave, AMD relies on a 32-bit Cortex A5 processor designed by ARM.




