13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors

[Durvelle27]

I smell fish

 

[Particle]

It's so funny seeing AMD aficionados going in defense mode

Defense of what? This isn't even the same class of thing. It's funnier seeing Intel fans bending over backward to pretend like this is even remotely as bad as Meltdown/Spectre. It's just regular malware doing regular malware things. I get it though. They desperately need/want it.

When it can survive a reinstall it's still a big issue. If these flaws are confirmed they are fairly signifigant.

As I said earlier, 2018 is going to be a rough year for processor security...

The processor itself just has RAM and ROM. You can't actually "install" malware to the processor itself. It has to be loaded at startup from firmware. It's just like microcode updates. If you overwrite the system board's firmware, that is a different sort of problem.

 

[EarthDog]

Defense of what? This isn't even the same class of thing. It's funnier seeing Intel fans bending over backward to pretend like this is even remotely as bad as Meltdown/Spectre. It's just regular malware doing regular malware things. I get it though. They desperately need/want it.

It seems nobody knows the efficacy of the report at this time. That said, seems like only one person here went intel nuts and that was early in the thread. Otherwise, its been a back and forth... mostly watching holes be shot in it.... remarkably similar responses from each side for each issue.....funny.

 

[qcmadness]

It seems nobody knows the efficacy of the report at this time. That said, seems like only one person here went intel nuts and that was early in the thread. Otherwise, its been a back and forth... mostly watching holes be shot in it.... remarkably similar responses from each side for each issue.....funny.

In fact 24-hour timeframe is not enough to verify the nature or existance of the "bugs".

 

[theGryphon]

These guys, with their 24-hr notice, flashy titles, throw-AMD-name-everywhere attitude, and a disclaimer that even states their "potential" gains in AMD stock performance (if one doesn't have any gains, one states as such), are:

1) Hotshot wannabees in desperate need of attention and publicity, with no interest in "public interest"
2) Scumbags that probably bet big on AMD stock sell options
3) Dirtbags that probably got clued-in and supported (technically and/or financially) by Intel
4) Even worse filthbags if some/all of this turns out to be fake

I pray for everybody's sake (AMD and Intel users alike) that this is all fake...

 

[xkm1948]

Some one js trying tk manipulate stock price of AMD that is for sure

 

[the54thvoid]

So, the first 3 exploits require admin rights.... Okay - panic over, put your pitchforks away and go home people.

The last is hypothesised and not fully verified. It also is ASMedia's fault(?) so if there is any real issue (unlikely), any recall may be at their expense.

Finally, just for some layperson perspective.

The first 3 expoits all need admin rights. Effectively, that means your PC is vulnerable to, well pretty much you. Duh..... Here are some more exploits from the54thvoid's Bug Factory that you may be liable to:

Coffee Hack - If you spill coffee into your PC case - it might not work anymore.
Porn Wrist - Certain websites you visit may give you RSI.
Dark Souls Impact Bug - Playing Dark Souls may result in a broken mouse or keyboard. Or desk. Or bruised knuckles.

 

[CrAsHnBuRnXp]

Who wants to pool money together and get some AMD stock?

 

[EarthDog]

Who wants to pool money together and get some AMD stock?

Ill bet Viceroy is...

 

[Durvelle27]

Who wants to pool money together and get some AMD stock?

I’m down

 

[Fouquin]

Hmmm what an interesting connection in the CTS Labs contact page.

http://www.bevelpr.com/

Why would an infosec research firm have an external marketing department... Or is it the other way around?

I can smell the money from here.

 

[W1zzard]

So, the first 3 exploits require admin rights.... Okay - panic over, put your pitchforks away and go home people.

The last is hypothesised and not fully verified. It also is ASMedia's fault(?) so if there is any real issue (unlikely), any recall may be at their expense.

They all require admin rights, I'll clarify in the original post.

For the last: what is not fully verified is whether DMA can write into the fenced off memory, the rest like keylogging and sniffing network is confirmed according to the researchers.

Clarified the original post: "To exploit this attack vector, administrative privileges are required. Whether DMA can access the fenced off memory portions of the Secure Processor, to additionally attack the Secure Processor through this vulnerability, is not fully confirmed, however, the researchers verified it works on a small number of desktop boards."

 

[EarthDog]

Lets assume its true or not....doesnt matter. If you published this data, do you honestly expect them to be able to handle the inquiries? Even if its just BS?

I understand why it looks bad, but, at the same time, it doesnt take much thought to realize its needed (PR company) when releasing this kind of info...

 

[Manu_PT]

This is really bad! Did you guys read the full disclosure? Good luck with zen+. Is a shame because amd was starting to bring competition

 

[efikkan]

I really dislike the trend of giving all "major" vulnerabilities nicknames.

The details of these new claims remains to be confirmed by other parties. But it should come as no surprise to anyone that a lot of hardware is riddled with vulnerabilities, since the general mentality in the industry is to deal with security concerns the public is aware of exploits. This problem is a known fact for other hardware, especially networking equipment. Almost every router have known exploits which are never fixed, both cheap consumer gear and high-end enterprise equipment. Most vulnerabilities fall into the categories of carelessness by developers or built-in debugging/support features.

If anything the press should focus on the underlying problem of designing for security rather than making up nicknames and focusing too much on singular edge cases.

 

[mtcn77]

Reworked most of the article and added AMD's statement

I read the article. You changed Chimera's status from bios "flashable" to "non-flashable", is that correct?

 

[theGryphon]

This is really bad! Did you guys read the full disclosure? Good luck with zen+. Is a shame because amd was starting to bring competition

No it's not as bad as it is flashy. Even if all is true, it's not nearly at the same level of Intel vulnerabilities. Have you read it?

 

[john_]

Ryzenfall, AMDflaws site, only 24 hours given to AMD.

Many many jokes are coming in my mind about Jews and dollars. I would like to apologize in advance about this.

 

[dyonoctis]

Wow. amdflaws.com is so well made. The website is clean, looks modern, with interview on green screen, motion design used to explain the flaws. They made a youtube channel just for that. It's not even technical they are explaining what's a cpu and a chipset.
They are checking all the point needed to impress someone who isn't tech-savyy.

That's remind me all of those video to learn how to make to money with a secret that banks and millionaire don't want to share.

Even IF this is end up to be true the effort they made on communication can't hide a malicious intent.

 

[delshay]

Hold-on guys

https://www.reddit.com/r/Amd/comments/845lgq

 

[W1zzard]

I read the article. You changed Chimera's status from bios "flashable" to "non-flashable", is that correct?

Chimera allows you to run arbitrary code in the chipset. If the BIOS chip was connected directly to the chipset, then this would enable silent flashing in any system state as long as the chipset has power.

Since the BIOS chip is connected to the CPU on Zen, this is not possible, at least not directly. It's still possible to use DMA to write code into the CPU memory, which then gets executed, which then flashes the ROM.

Edit: I'll research whether the chipset is connected to the SPI bus on which the ROM lives.

Edit: Not connected to the SPI bus, not sure if true for all board models though

 

[Chaitanya]

They all require admin rights, I'll clarify in the original post.

For the last: what is not fully verified is whether DMA can write into the fenced off memory, the rest like keylogging and sniffing network is confirmed according to the researchers.

Clarified the original post: "To exploit this attack vector, administrative privileges are required. Whether DMA can access the fenced off memory portions of the Secure Processor, to additionally attack the Secure Processor through this vulnerability, is not fully confirmed, however, the researchers verified it works on a small number of desktop boards."

Considering the paper is not peer-reviewed and fishy behaviour of AMD and press being notified at the same time with only 24hr period given to AMD. The article should mention those researchers in double quotes. Also what is with TPU eagerly posting clickbait articles with highly questionable unverified/non peer-reviewed whitepapers shame on you guys for this behaviour.

 

[nemesis.ie]

Meanwhile, as I type, AMD's share price is INCREASING ...

 

[RejZoR]

Source on that?

"The Masterkey vulnerability gets around this environment integrity check by using an infected system BIOS, which can be flashed even from within Windows (with administrative privileges)."

It means the modification has to be highly specific for a target computer. You can't just flash some BIOS, it has to be for that specific board. Chances of applying this in practice on a mass scale is totally unlikely because there is just too many variables involved starting with endless variants of motherboards. It's still an issue when it comes to a targeted attack of a particular workstation (assuming user has admin rights access to do it). The rest of vulnerabilities are a lot more problematic because you can apply them on large scale.

 

[srsbsns]

Redflags

1. AMD given 24 hour ransom style notice this was going out. = bad faith.. Spectre and Meltdown were known for months to allow for mitigations to be produced.
2. The company domain was registered in February.
3. There is a disclaimer on the report that says says "you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports." Looks like they are trying to tank stock to buy it up on the cheap because they expect Ryzen+ to boost AMD's financials.
4. Timing of the release is 1 year exactly from Ryzen release date.
5. Slides/presentation has production quality to deliver maximum impact. This is not the status quo for this type of research.
6. They fail to point out very clearly these alleged vulnerabilities require admin privileges. This is unlike Spectre and Meltdown.

Did I miss any?