AMD CPU vulnerabilities published by unknown security firm after 24 hours notice

AMD has found itself dragged into a security controversy of its own this week, after a questionable research firm known as CTS Labs published a paper claiming to detail four vulnerabilities in Zen-based processors, which was immediately followed up by a report from Viceroy Research.

The second, dubbed Ryzenfall, consists of four "design and implementation flaws" inside the AMD Secure OS, which powers the AMD Secure Processor found in Ryzen, Ryzen Pro and Ryzen Mobile products.

AMD says that the chips for Secure Processor are impenetrable.

Moreover, they claim the vulnerabilities lie in the "secure" part of the processor - a place where your chip stores things like encryption keys, or checks on boot, to see if you have any malicious code running.

By exploiting the FALLOUT flaws, attackers could steal network credentials protected by the Windows Credential Guard and could disable BIOS flashing protections, allowing for the exploitation of the MASTERKEY flaws on systems where BIOS flashing is blocked, CTS Labs said.

Ryzenfall is a threat that allows malware to completely hijack a Secure Processor, giving access to secure data that would normally be out of the reach of attackers. If the hacker gains access to the low-level target network, then they can collect the data they require.

Some of these attacks are created to exploit loopholes in safeguard mechanisms to "steal network credentials, and then potentially spread through even highly secure Windows corporate networks".

The backdoors, one located in firmware and one in hardware, allow the execution of malicious code inside the chipset and would give attackers a man-in-the-middle position to spy on all USB, SATA, LAN, WiFi and other traffic passing through the chipset.

"The chipset links the CPU to USB, SATA, and PCI-E devices".

As is the case with many security exploits, these could theoretically allow hackers access to personal credentials and provide an opportunity to spread malware, but the white paper also warns of the potential for "long-term industrial espionage".

So in a nutshell, this suite of vulnerabilities looks to be pretty bad news for AMD. The AMD version of the co-processor has a series of critical flaws which make the task of attackers easy.

"The Ryzen chipset, a core system component that AMD outsourced to a Taiwanese chip manufacturer, ASMedia, is now being shipped with exploitable manufacturer backdoors inside", reads the whitepaper put out by CTS Labs, the company that discovered the vulnerabilities.

AMD has been notified and is looking into the issue: "At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise", an AMD spokesman said. "This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings".

CTS Labs said that the Ryzen chipset, a new line from AMD, was being shipped with exploitable backdoors, which had come about as a result of obtaining technology from ASMedia, an outsourcing partner.

Nevertheless, CTS-Labs researchers don't want the flaws to be brushed off lightly. All we can say is the situation feels fishy. According to CTS Labs, it has still not heard anything from AMD, and researchers claim it could take months to fix the vulnerabilities, notes CNET. "An attacker could sit there for years without ever being detected".

This has raised suspicions that CTS Labs may have a commercial motive for disclosing the AMD vulnerabilities so soon after notifying the chip maker. The supplied whitepaper from CTS-Labs has so far not offered much detail on the specifics of the vulnerabilities - a stark contrast to the level of detail offered by Google's Project Zero report on the Spectre and Meltdown vulnerabilities, which were also made public many months after being disclosed to those potentially affected.
