Tuesday, March 20th 2018

CTS-Labs Releases Masterkey Exploit Proof-of-Concept Video

CTS-Labs, the cyber security research firm that claims to have unearthed severe security vulnerabilities in AMD's "Zen" CPU architecture, has posted its first proof-of-concept demo video. This video deals with the "Masterkey" class of exploits, specifically Masterkey-1. The Masterkey class accounts for 3 of the 13 vulnerabilities the firm discovered. As a quick refresher, Masterkey is an exploit of the Secure Boot feature: it gets around the feature's system integrity check on AMD "Zen" powered systems by using a specially programmed system BIOS. Any privileged program (even from within Windows) can flash your system BIOS and get around Secure Boot on the following system reboot (or even brick your system by writing a non-bootable BIOS image). The BIOS can then tinker with the ring -3 (minus 3) software running on the Secure Processor, and survive reboots or OS re-installs. It would also be undetectable by traditional antivirus programs that can't have ring -3 access while running on top of an operating system.

In the video, we're shown a somewhat step-by-step process of infecting a TYAN-made server motherboard with a modified BIOS that carries the Masterkey exploit. The demo BIOS by CTS, which has ARM Cortex A5-compatible code for the Secure Processor, makes it flicker its status code between "1337" and "7331" during POST, and then goes on to boot the OS as if nothing happened. It can be made to do anything once you've gotten that far. CTS-Labs claims that it has more elaborate shellcode for the Secure Processor that probably does more insidious things, but it won't be showing that to the public in this video. The objective of this demo appears to be to establish a proof-of-concept.


CTS-Labs stated that it's currently filming similar proof-of-concept videos for each of the other exploits.

50 Comments on CTS-Labs Releases Masterkey Exploit Proof-of-Concept Video

#1
Chaitanya
My Asus motherboard from 2006 had a windows based software which allowed for the bootscreen to be modified with any *.bmp.
#2
_JP_
So riddle me this:
This exploit can override Administrator/Supervisor passwords in the UEFI if set beforehand?
Usually, even from Windows, you need that in order to flash it. This seems that from the get-go, there will be no password, however I'm not finding this hurdle being mentioned as a potential mitigation for the MASTERKEY exploit too.
#3
R0H1T
Paging Dr. Who (or Strange on the other side of the Atlantic) but the embedded video doesn't work in the OP :rolleyes:
#4
W1zzard
Chaitanya
My Asus motherboard from 2006 had a windows based software which allowed for the bootscreen to be modified with any *.bmp.
Your board doesn't have Secure Boot or UEFI, which were invented to ensure the BIOS is not affected in any way
R0H1T
Paging Dr. Who (or Strange on the other side of the Atlantic) but the embedded video doesn't work in the OP :rolleyes:
Use the main site view. As mentioned before, news posts are not stored in the forums anymore. So I included snippets, people complained that text was missing, now the full post is included and things might not be working as expected.
#5
RejZoR
Drop the video string into Youtube search field, it'll find it anyway.

So, to sum video up:

This was done "remotely" within local network.
This required admin access to be available from the get go on the target system.
This requires attacker to know exactly which board is used by the target system.

This is an incredibly targeted attack which makes it pretty much useless unless you're doing just that, a very targeted attack on some servers.
#6
R0H1T
RejZoR
Drop the video string into Youtube search field, it'll find it anyway.

So, to sum video up:

This was done "remotely" within local network.
This required admin access to be available from the get go on the target system.
This requires attacker to know exactly which board is used by the target system.

This is an incredibly targeted attack which makes it pretty much useless unless you're doing just that, a very targeted attack on some servers.
So pretty much an inside job, now I know who to go after. Tbf though most large profile hacks are based on some sort of insider info trading hands or an incredibly poor (network) setup where basic protocols or security best practices aren't followed.
#7
RejZoR
R0H1T
So pretty much an inside job, now I know who to go after. Tbf though most large profile hacks are based on some sort of insider info trading hands or an incredibly poor (network) setup where basic protocols or security best practices aren't followed.
To which you need to know some particular company has such poor practices.
#9
john_
I guess this campaign will continue with at least 12 more videos where someone over a computer with admin rights and every other failsafe disabled, will be demonstrating how he can hack the computer.
#10
ikeke
So, Windows Server on baremetal with admin access and s*itty security and intimate knowledge of hardware to be targeted.

Yes, this will affect almost a marginal percent of Epyc installations.
#11
R-T-B
john_
I guess this campaign will continue with at least 12 more videos where someone over a computer with admin rights and every other failsafe disabled, will be demonstrating how he can hack the computer.
...and more importantly, survive reinstalls undetected.

That's the crux of it.

Yes, this is more an enterprise targeted scenario than an enduser one, but don't deny it is a problem. That makes you part of what? Certainly not the solution.
#12
the54thvoid
When they release the Asmedia exploit POC demo, will they also identify Intel as a target? Despite the obvious potential for harm from an exploit that requires a prior malware infection, the crux of the furore is still CTS-Labs' background.
The continued stream of info from the group, whose short selling interests have been disclosed, is really quite unsettling. Moreso that news sites aren't using disclaimer headings.
Effectively, CTS-Labs' current AMD research is aimed at profiting from short selling and as such, sites ought to inform readers of such. It is, without doubt (as they have admitted) financially motivated.
#13
ikeke
R-T-B
...and more importantly, survive reinstalls undetected.

That's the crux of it.

Yes, this is more an enterprise targeted scenario than an enduser one, but don't deny it is a problem. That makes you part of what? Certainly not the solution.
I'm not denying the problem. I'm saying that the problem described and the problem presented differ. There is no world-altering public exploit here, at most a spear phishing tool or bad actor exploit.
Correct way to handle this would have been to notify AMD and let them fix it.

Instead they decided to leak some to stock shortseller Viceroy (intentionally or unintentionally, doesn't matter) before publishing amdflaws site. This along with the disclaimer (about financial gains from the exploit publishing/usage) on amdflaws site makes them more likely to face litigation than kudos.
#14
R-T-B
ikeke
Correct way to handle this would have been to notify AMD and let them fix it.
As far as I am aware, that's what they've done.

No, they didn't do the strictly ethical "I will not mention this until you fix it" thing, but that has little impact on the bug itself. The company has been called iffy by myself since day 1, so the idea their ethics may be a little off kilter isn't exactly news to me.
#15
ikeke
"Yo, AMD, we'll post some s'it on ya' a$$ tomorrow. LOL.

Here's the $h't. <attached>

Oh, and we'll say that ya'll can't fix it.

ktnxbye"
#16
ssdpro
the54thvoid
Effectively, CTS-Labs' current AMD research is aimed at profiting from short selling and as such, sites ought to inform readers of such. It is, without doubt (as they have admitted) financially motivated.
It doesn't appear anyone has profited from any short selling of any meaningful volume. AMD stock has been relatively unchanged over the last week at a lower than normal volume. It is definitely possible it was long term financially motivated. It reminds people AMD put recent products together on a shoe string budget and leaves people wondering if these vulnerabilities are real and how many vulnerabilities lay in waiting. Also, "financially motivated" sometimes signals discrediting or minimizing and it shouldn't. Every step a company makes is financially motivated. If you held to that theory AMD marketing would be minimized since it is "financially motivated". I remind everyone 7 days later AMD has only acknowledged these vulnerabilities and hasn't discredited or explained how low risk they are. That is way too long for a professional company to manage PR.
#17
SRB151
Yeah, right. Assuming AMD could not fix it without talking to them is always the way to go. As far as secure bios, I wonder if this was actually made to prevent deliberate monkeying, or to prevent idiots and distracted IT people from accidentally bricking machine. When you've got that level of access to a system, is there really ANY protection? Maybe this means I can now use an older bios on my wife's Asus-Ryzen system. It wouldn't let me flash an older bios when I wanted to one time. This looks a lot like Spectre-2. Theoretically possible, but ZERO for all practical purposes considering what you have to do to get it to run.
ssdpro
It doesn't appear anyone has profited from any short selling of any meaningful volume. AMD stock has been relatively unchanged over the last week at a lower than normal volume. It is definitely possible it was long term financially motivated. It reminds people AMD put recent products together on a shoe string budget and leaves people wondering if these vulnerabilities are real and how many vulnerabilities lay in waiting. Also, "financially motivated" sometimes signals discrediting or minimizing and it shouldn't. Every step a company makes is financially motivated. If you held to that theory AMD marketing would be minimized since it is "financially motivated". I remind everyone 7 days later AMD has only acknowledged these vulnerabilities and hasn't discredited or explained how low risk they are. That is way too long for a professional company to manage PR.
Just because it didn't work, doesn't mean they didn't try to deep six AMD stock. By your logic, half of crimes committed would not be prosecuted since they got caught. Second, dumping "13" "bugs" on AMD and expecting a complete analysis in a week, and by your questionable comments on AMD shows you're just a shill. Again, by your logic, Intel just does barely what they need to in order to have a faster processor without regard for customers or security. I don't think either case is true. AMD has a smaller budget and Intel sits on design improvements for a while does not make EITHER less security conscious. Both were caught off guard, one by a creative exploit, the other by a greedy, single-focused, questionable company.
#18
the54thvoid
ssdpro
It doesn't appear anyone has profited from any short selling of any meaningful volume. AMD stock has been relatively unchanged over the last week at a lower than normal volume. It is definitely possible it was long term financially motivated. It reminds people AMD put recent products together on a shoe string budget and leaves people wondering if these vulnerabilities are real and how many vulnerabilities lay in waiting. Also, "financially motivated" sometimes signals discrediting or minimizing and it shouldn't. Every step a company makes is financially motivated. If you held to that theory AMD marketing would be minimized since it is "financially motivated". I remind everyone 7 days later AMD has only acknowledged these vulnerabilities and hasn't discredited or explained how low risk they are. That is way too long for a professional company to manage PR.
I cannot paraphrase the excellent Anandtech article but I would recommend you read it.

It involves a detailed phone conversation transcript and Anandtech's critique of the knowledge gleaned. It does not deny the exploit but it clearly finds CTS to be 'financially motivated'.

www.anandtech.com/show/12536/our-interesting-call-with-cts-labs
#19
R0H1T
ssdpro
It doesn't appear anyone has profited from any short selling of any meaningful volume. AMD stock has been relatively unchanged over the last week at a lower than normal volume. It is definitely possible it was long term financially motivated. It reminds people AMD put recent products together on a shoe string budget and leaves people wondering if these vulnerabilities are real and how many vulnerabilities lay in waiting. Also, "financially motivated" sometimes signals discrediting or minimizing and it shouldn't. Every step a company makes is financially motivated. If you held to that theory AMD marketing would be minimized since it is "financially motivated". I remind everyone 7 days later AMD has only acknowledged these vulnerabilities and hasn't discredited or explained how low risk they are. That is way too long for a professional company to manage PR.
Because 7 days isn't enough to do any sort of a meaningful validation, given that AMD doesn't own the Asmedia IP nor the ARM cortex A5 one. Not to mention the trickling of information & how CTS is making it look like they're doing this with the best of intentions - without divulging if competing solutions from Intel could also be vulnerable - doesn't make their case strong! And I'm not even going into the other big woolly mammoth in the room, which was left unpatched for 7 months & allowed the competitor to sell billions of desktop & HEDT chips without a disclaimer.
#20
SRB151
It always amazes me how someone jumps to personal attacks instead of the topic at hand. The point is, that these "exploits" require a great deal of inside knowledge and access to pull off, and CTS has operated in a most shady manner. If you point this out, you are somehow a "fanboy"? The statements made about AMD by CTS were not as much about exploits, but more about their opinions about AMD as a company. Much like your post. Except they may have had something to gain.
#21
NeoGalaxy
Now to be honest the question is any hacker is seeing this. Since I asked some "friends" and they say that they will test the proof concepts on Intel's CPUs also just for the fun of it. If these CTS Labs or whatever were smarter to begin with, they would have done it without an admin account. Because I can cripple a server with just a USB port, so having administrative access is not that amazing. Also everything he's doing is logged. A simple reading of any logs will point to the source of this "attack" in any decent... IT organisation.
#22
v12dock
In other news you can flash a modded BIOS on an Intel machine with administrative access.
#23
phanbuey
ikeke
So, Windows Server on baremetal with admin access and s*itty security and intimate knowledge of hardware to be targeted.

Yes, this will affect almost a marginal percent of Epyc installations.
Right?
Isn't it much easier and more reliable to install a rootkit to the MBR?

I'm still not convinced any hacker would consider this worth the effort...
#24
jmcslob
I think CTS labs and its employees should be blacklisted from any future endeavours.
#25
xorbe
Any privileged program (even from within Windows), can flash your system BIOS
On topic, I've long wondered why motherboards don't have a jumper to enable/disable firmware write. [Other than $$$ for a single jumper.]