Through the advent of Meltdown and Spectre, there is a heightened element of nervousness around potential security flaws in modern high-performance processors, especially those that deal with the core and critical components of company business and international infrastructure. Today, CTS-Labs, a security company based in Israel, has published a whitepaper identifying four classes of potential vulnerabilities of the Ryzen, EPYC, Ryzen Pro, and Ryzen Mobile processor lines. AMD is in the process of responding to the claims, but was only given 24 hours of notice rather than the typical 90 days for standard vulnerability disclosure. No official reason was given for the shortened time.
Nothing in technology is safe. As always, my advice is to treat any data on a phone or computer as potentially compromisable.
In the grand scheme of things, expected, and not as huge deal like Intel’s Os inside the CPU that can be exploited to get access to everything without anyone knowing and heavy spectre and meltdown vulnerabilities.
Yet Intel’s vulnerabilities have been confirmed not to impact AMD cpus, at least not as much. I can understand that AMD might not be the white knight and exempt from flaws, sure its architecture may present quirks as well because sheer complexity of that thing, but come on…
Cpus were vulnerable before it was cool, so there is no magic here, of course people will discover things by scratching the surface. That’s why, for instance, editors legally prevent you from disassembling their software in case you might see the dirt under the rug.
Anyway, having various architectures out there is not only good for competition but also prevent cpus monoculture, hence limit impact on exploits. I wish there would be more mips, risc-v, sh-4, 68k out there to give Intel and AMD a friendly little poke.
Wouldn’t everyone love to have a transmeta processor right now? I mean, assuming that the flaw wasn’t in the part that couldn’t be updated.
https://www.makeuseof.com/tag/computers-unaffected-meltdown-spectre/
Edited 2018-03-14 20:15 UTC
It’s hard to say for certain that it’s not as big of a deal. The ARM core used as the AMD ‘Secure Processor’ is nowhere near as well documented as the Intel ME, and would require pretty similar levels of access to do some of the things it’s advertised as doing.
The commenters on the Phoronix forums and the people on Reddit who they linked to already made a very convincing case that this is a team of three scammers trying to short AMD stock.
https://www.phoronix.com/forums/forum/phoronix/general-discussion/99…
1. The companies have never been heard of before, except for one of them having gotten in trouble for this kind of thing before.
2. The video they posted is green-screened against stock video backgrounds that the Reddit users tracked down.
3. They only gave AMD 24 hours to respond.
4. Once you get past what a time-strapped reporter is likely to read, their websites are meaningless marketing speak and compilations of copy-pastes from security best-practices guides.
5. Very unusually, their disclosure document is written in CFO buzzword speak.
6. If I read it correctly, the “vulnerabilities” are all overblown things which are analogous to the reports Raymond Chen calls out periodically on The Old New Thing for reducing down to “If you let someone through the air-tight hatchway between un-privileged and privileged, they can cause problems.”
Here are some of the links I mentioned:
https://twitter.com/cynicalsecurity/status/973591954096381952
https://www.reddit.com/r/Amd/comments/845w8e/alleged_amd_zen_securit…
https://www.reddit.com/r/Amd/comments/845w8e/alleged_amd_zen_securit…
https://www.google.com/search?q=Viceroy+Research+bafin
Edited 2018-03-14 01:22 UTC
Exactly what I was going to post.
I really disavow these days where every news channel regurgitates “facts” before checking them.
Rush-rush is a stupid strategy to follow that is causing a lot of trouble on our societies.
Really hope that, somehow, laws grow terse about “fake news” all around the world and punishment get tough.
One more short analysis by Kevin Beaumont, security researcher:
https://doublepulsar.com/on-amd-flaws-from-cts-labs-f167ea00e4e8
Technology is actually remarkably safe when basic security practices are adhered to, like not making admin privileges easy to get in the first place.
The old adage of “If I have physical access to your system, I can own your system” applies here.
Unlike the Intel flaws, a random snippet of javascript on a website can’t grab random information from your cache.
CTS-labs was founded in 2017. It is just four kids in a garage looking for cheap publicity.
http://www.cts-labs.com/management-team
While CTS-labs is definitely shady, what about that page says they’re just four kids? Do you have any information that says they’re lying about their credentials? By linking to that page, you’re helping them, not discrediting them.
https://imgur.com/OkWlIxA
If i have a database server not connected to the internet and that has been running for 30 years, you are going to tell me that it is not safe. The attack vector on os2 via satelite is very small. And the exploits are mostly forgotten.
Edited 2018-03-14 02:33 UTC
Didn’t some chinese researchers release a paper recently about how to steal everything from Air Gapped Systems?
Ok, it was about the speed of an ASR-33 Teletype but…
Same with my data on my Zire 72
They tried to look serious like Spectre/Meltdown, but in reality they look ridiculous. If an attacker can reflash your BIOS or already have admin privileges, it’s all over.
There is a good breakdown of this scam
https://www.gamersnexus.net/industry/3260-assassination-attempt-on-a…
The fishy smell on this one is so bad that the neighbours will be calling the police any time now…
It’s a smear campaign. It appears somebody has been shorting AMD stocks. All they give us as “proof” are graphics and text passages copied from somewhere else.
Please don’t propagate this. If this turns out being as hollow as it seems, you might even make yourselves indictable by doing so. It’s a crime then. 😉
Usually, good advice. But since the so-called exploits require either physical, or local administrative level access *AND* an AMD-signed device driver, I’m thinking this is more PR than security.
If I have the kind of access needed to enable these “exploits”, I already own your system.
After intel pulled crap with the Meltdown / Spectre vulnerability, I think there is some validity to the 0 day. Intel had an embargo and picked winners and losers.. with Microsoft and Linux the winners. They didn’t inform FreeBSD until December and never told smaller OS projects.
At least this way everyone is equally screwed if it’s true.
Nope. Sorry. Any so-called security organization that pulls a stunt like this without at least talking to the vendor first is just a bunch of attention whores.
Even something handwritten on a piece of paper is potentially compromised if someone else gets their hands on it, to say nothing about the common practices still used with said hard copy. I still get a kick out of people telling me they’d rather use a fax machine than Dropbox, because faxing is more secure. Rofl!!! If you absolutely must not ever have something compromised under any circumstances, keep it in your brain and nowhere else.
What I find much more interesting:
“Chimera HW and Chimera SW
The Chimera exploit focuses on the Promontory chipset, and hidden manufacturer backdoors that allow for remote code execution. CTS-Labs cites that ASMedia, the company behind the chipset, has been fallen foul of the FTC due to security vulnerabilities in its hardware.”
The claim or that they intentionally inserted FUD?
True or not, I find it a much more interesting topic.
Ryzen doesn’t protect against this dastardly scheme either.
https://xkcd.com/538/