• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

CTS Labs Sent AMD and Other Companies a Research Package with Proof-of-Concept Code

btarunr

Editor & Senior Moderator
Staff member
Joined
Oct 9, 2007
Messages
46,283 (7.69/day)
Location
Hyderabad, India
System Name RBMK-1000
Processor AMD Ryzen 7 5700G
Motherboard ASUS ROG Strix B450-E Gaming
Cooling DeepCool Gammax L240 V2
Memory 2x 8GB G.Skill Sniper X
Video Card(s) Palit GeForce RTX 2080 SUPER GameRock
Storage Western Digital Black NVMe 512GB
Display(s) BenQ 1440p 60 Hz 27-inch
Case Corsair Carbide 100R
Audio Device(s) ASUS SupremeFX S1220A
Power Supply Cooler Master MWE Gold 650W
Mouse ASUS ROG Strix Impact
Keyboard Gamdias Hermes E2
Software Windows 11 Pro
CTS Labs, the Israel-based IT security research company behind Tuesday's explosive AMD Ryzen security vulnerabilities report, responded to questions posed by TechPowerUp. One of the biggest of these, which is also on the minds of skeptics, is the ominous lack of proof-of-concept code or binaries being part of their initial public report (in contrast to the Meltdown/Spectre reports that went into technical details about the exploit). CTS Labs stated to TechPowerUp that it has sent AMD, along with other big tech companies a "complete research package," which includes "full technical write-ups about the vulnerabilities," "functional proof-of-concept exploit code," and "instructions on how to reproduce each vulnerability." It stated that besides AMD, the research package was sent to Microsoft, HP, Dell, Symantec, FireEye, and Cisco Systems, to help them develop patches and mitigation.

An unwritten yet generally accepted practice in the IT security industry upon discovery of such vulnerabilities, is for researchers to give companies in question at least 90 days to design a software patch, harden infrastructure, or implement other mitigation. 90 days is in stark contrast to the 24 hours AMD got from CTS Labs. CTS Labs confirmed to TechPowerUp that it indeed shared its research package with AMD (and the other companies) just 24 hours prior to making its report public, but urged those disgruntled with this decision to look at the situation objectively. "If you look at the situation in the following way: right now the public knows about the vulnerabilities and their implications, AMD is fully informed and developing patches, and major security companies are also informed and working on mitigation."



This is in contrast to the unintentional consequence of keeping Meltdown/Spectre away from the public domain for over half a year, allowing Intel's senior executives to dump company stock, and for big cloud computing providers to harden their infrastructure, giving themselves a competitive advantage over smaller providers. But unlike with Meltdown/Spectre, these vulnerabilities aren't industry-wide (i.e. they don't affect Intel), placing AMD at a disadvantage in both the stock markets, and in the retail markets.

CTS Labs, through the sequence of its actions, has attempted to shift the burden of proof from itself to AMD, which is extremely uncommon in the IT security industry. With the lack of proof-of-concept of these vulnerabilities in the public domain, an environment of fear, uncertainty, and doubt (FUD) is being developed, with AMD being occupied with testing its chips for these vulnerabilities, and still far away from releasing patches, if the vulnerabilities are real. This places anyone with a shorting position against AMD stock at a distinct advantage. The strategy of AMD investor relations and corporate communications should now be to allay many of those fears among people without access to the proof-of-concept, and to ask investors to refrain from giving in to FUD.

View at TechPowerUp Main Site
 
Joined
Apr 16, 2010
Messages
3,455 (0.68/day)
Location
Portugal
System Name LenovoⓇ ThinkPad™ T430
Processor IntelⓇ Core™ i5-3210M processor (2 cores, 2.50GHz, 3MB cache), Intel Turbo Boost™ 2.0 (3.10GHz), HT™
Motherboard Lenovo 2344 (Mobile Intel QM77 Express Chipset)
Cooling Single-pipe heatsink + Delta fan
Memory 2x 8GB KingstonⓇ HyperX™ Impact 2133MHz DDR3L SO-DIMM
Video Card(s) Intel HD Graphics™ 4000 (GPU clk: 1100MHz, vRAM clk: 1066MHz)
Storage SamsungⓇ 860 EVO mSATA (250GB) + 850 EVO (500GB) SATA
Display(s) 14.0" (355mm) HD (1366x768) color, anti-glare, LED backlight, 200 nits, 16:9 aspect ratio, 300:1 co
Case ThinkPad Roll Cage (one-piece magnesium frame)
Audio Device(s) HD Audio, RealtekⓇ ALC3202 codec, DolbyⓇ Advanced Audio™ v2 / stereo speakers, 1W x 2
Power Supply ThinkPad 65W AC Adapter + ThinkPad Battery 70++ (9-cell)
Mouse TrackPointⓇ pointing device + UltraNav™, wide touchpad below keyboard + ThinkLight™
Keyboard 6-row, 84-key, ThinkVantage button, spill-resistant, multimedia Fn keys, LED backlight (PT Layout)
Software MicrosoftⓇ WindowsⓇ 10 x86-64 (22H2)
Still looks like "boy who cried wolf", in the execution.
 
Joined
Oct 2, 2004
Messages
13,791 (1.94/day)
It still reeks of Intel's interefrence even if all the vulnerabilities are true. Though some are already BS from the get go, like the requirement of having a physical local admin access to the system. At that point, can it even be classified as a "vulnerability"? If you have that, you're basically managing the system. Which in the end can be run by any CPU of any kind and be "vulnerable" to anything you throw at it. Not to mention how the whole thing is being handled, Meltdown/Spectre that affected Intel the worst, public had no knowledge of it for months. Here, they give AMD a 24 hour ultimatum. That's total BS. Someone doesn't care about actual security as much as they care about attention whoring and crashing someone's stocks...
 

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"
Joined
Mar 17, 2005
Messages
9,105 (1.31/day)
Location
Dorset where else eh? >>> Thats ENGLAND<<<
"Oh My GOD"
All my AMD systems Can be Compromised
Must Go OFF line Till they Solve This..................> Hang on not got an AMD System o_O:nutkick:

Just in Case i must wrap all my PC's in Tin foil (that will work won't it:roll:)
 
Joined
Apr 10, 2013
Messages
302 (0.08/day)
Location
Michigan, USA
Processor AMD 1700X
Motherboard Crosshair VI Hero
Memory F4-3200C14D-16GFX
Video Card(s) GTX 1070
Storage 960 Pro
Display(s) PG279Q
Case HAF X
Power Supply Silencer MK III 850
Mouse Logitech G700s
Keyboard Logitech G105
Software Windows 10
Even if it leans more true now, all products have the possibility of security vulnerabilities. This company should have given AMD and other companies more time with the information.

AMD is very quiet now going on 48 hours so it looks like at least some of it is verified. If CTS didn't really provide the code and methods AMD would have just said "CTS hasn't provided any details or code as claimed and so far we are unable to verify these claims. We will continue to investigate and provide additional information as it becomes available". That statement hasn't come.
 
Joined
Dec 15, 2006
Messages
1,703 (0.27/day)
Location
Oshkosh, WI
System Name ChoreBoy
Processor 8700k Delided
Motherboard Gigabyte Z390 Master
Cooling 420mm Custom Loop
Memory CMK16GX4M2B3000C15 2x8GB @ 3000Mhz
Video Card(s) EVGA 1080 SC
Storage 1TB SX8200, 250GB 850 EVO, 250GB Barracuda
Display(s) Pixio PX329 and Dell E228WFP
Case Fractal R6
Audio Device(s) On-Board
Power Supply 1000w Corsair
Software Win 10 Pro
Benchmark Scores A million on everything....
So do any of these hacks help one gain admin privileges?
 
Joined
Jan 31, 2005
Messages
2,050 (0.29/day)
Location
Denmark
System Name Commercial towing vehicle "Nostromo"
Processor 5800X3D
Motherboard X570 Unify
Cooling EK-AIO 360
Memory 32 GB Fury 3666 MHz
Video Card(s) 4070 Ti Eagle
Storage SN850 NVMe 1TB + Renegade NVMe 2TB + 870 EVO 4TB
Display(s) 25" Legion Y25g-30
Case Lian Li LanCool 216 v2
Audio Device(s) B & W PX7 S2e
Power Supply HX1500i
Mouse Harpe Ace Aim Lab Edition
Keyboard Scope II 96 Wireless
Software Windows 11 23H2
CTS Labs, the Israel-based IT security research company
- should be "CTS Labs, the Intel-based IT security research company"
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
26,958 (3.71/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
Still, when you have admin access, does it really matter at that point anymore?
Physical access and admin access are two vastly different things. Every malware gets onto PCs through admin access, tons of computers get infected every day, so this is not a non-issue.
The difference here is that the malware can be hidden in a way that's undetectable from security software and persists through reboot, and OS reinstall, which means "buy a new computer" for 99% of the population.

So do any of these hacks help one gain admin privileges?
No
 
Joined
Jul 18, 2016
Messages
353 (0.13/day)
Location
Indonesia
System Name Nero Mini
Processor AMD Ryzen 7 5800X 4.7GHz-4.9GHz
Motherboard Gigabyte X570i Aorus Pro Wifi
Cooling Noctua NH-D15S+3x Noctua IPPC 3K
Memory Team Dark 3800MHz CL16 2x16GB 55ns
Video Card(s) Palit RTX 2060 Super JS Shunt Mod 2130MHz/1925MHz + 2x Noctua 120mm IPPC 3K
Storage Adata XPG Gammix S50 1TB
Display(s) LG 27UD68W
Case Lian-Li TU-150
Power Supply Corsair SF750 Platinum
Software Windows 10 Pro
Physical access and admin access are two vastly different things. Every malware gets onto PCs through admin access, tons of computers get infected every day, so this is not a non-issue.
The difference here is that the malware can be hidden in a way that's undetectable from security software and persists through reboot, and OS reinstall, which means "buy a new computer" for 99% of the population.

So you're saying you believe this? Without further evidence yet?
 
Joined
Feb 17, 2017
Messages
851 (0.33/day)
Location
Italy
Processor i7 2600K
Motherboard Asus P8Z68-V PRO/Gen 3
Cooling ZeroTherm FZ120
Memory G.Skill Ripjaws 4x4GB DDR3
Video Card(s) MSI GTX 1060 6G Gaming X
Storage Samsung 830 Pro 256GB + WD Caviar Blue 1TB
Display(s) Samsung PX2370 + Acer AL1717
Case Antec 1200 v1
Audio Device(s) aune x1s
Power Supply Enermax Modu87+ 800W
Mouse Logitech G403
Keyboard Qpad MK80

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
26,958 (3.71/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
So you're saying you believe this? Without further evidence yet?
It looks sufficiently credible to me to not ignore it, which is why we are reporting on this at TPU. You are right of course that more evidence is needed, which doesn't seem that far away, days at max, probably hours.

I feel I have an excellent understanding of what they described and am trying to provide insights, and help clear up misunderstandings.
 

Durvelle27

Moderator
Staff member
Joined
Jul 10, 2012
Messages
6,678 (1.56/day)
Location
Memphis, TN
System Name Black Prometheus
Processor |AMD Ryzen 7 1700X
Motherboard ASRock B550M Pro4|MSI X370 Gaming PLUS
Cooling Thermalright PA120 SE | AMD Stock Cooler
Memory G.Skill 64GB(2x32GB) 3200MHz | 32GB(4x8GB) DDR4
Video Card(s) |AMD R9 290
Storage Sandisk X300 512GB + WD Black 6TB+WD Black 6TB
Display(s) LG Nanocell85 49" 4K 120Hz + ACER AOPEN 34" 3440x1440 144Hz
Case DeepCool Matrexx 55 V3 w/ 6x120mm Intake + 3x120mm Exhaust
Audio Device(s) LG Dolby Atmos 5.1
Power Supply Corsair RMX850 Fully Modular| EVGA 750W G2
Mouse Logitech Trackman
Keyboard Logitech K350
Software Windows 10 EDU x64
Joined
Jan 11, 2005
Messages
1,491 (0.21/day)
Location
66 feet from the ground
System Name 2nd AMD puppy
Processor FX-8350 vishera
Motherboard Gigabyte GA-970A-UD3
Cooling Cooler Master Hyper TX2
Memory 16 Gb DDR3:8GB Kingston HyperX Beast + 8Gb G.Skill Sniper(by courtesy of tabascosauz &TPU)
Video Card(s) Sapphire RX 580 Nitro+;1450/2000 Mhz
Storage SSD :840 pro 128 Gb;Iridium pro 240Gb ; HDD 2xWD-1Tb
Display(s) Benq XL2730Z 144 Hz freesync
Case NZXT 820 PHANTOM
Audio Device(s) Audigy SE with Logitech Z-5500
Power Supply Riotoro Enigma G2 850W
Mouse Razer copperhead / Gamdias zeus (by courtesy of sneekypeet & TPU)
Keyboard MS Sidewinder x4
Software win10 64bit ltsc
Benchmark Scores irrelevant for me
It looks sufficiently credible to me to not ignore it, which is why we are reporting on this at TPU. You are right of course that more evidence is needed, which doesn't seem that far away, days at max, probably hours.

I feel I have an excellent understanding of what they described and am trying to provide insights, and help clear up misunderstandings.

so in your opinion having admin privileges and needed know-how only amd systems are vulnerable? intel cpu's don't execute the admin code ?

if the findings are correct i bet can be reproduced on all available hardware .....
 
Joined
Nov 30, 2015
Messages
712 (0.23/day)
Location
Croatia
Processor Ryzen 5 3600 PRO
Motherboard AsRock B450 Pro4
Cooling Arctic Freezer 34 /w Noctua NF-P12
Memory Silicon Power XPower Zenith 2x8GB @1600 MHz
Video Card(s) Gigabyte RTX 2070 Super Gaming OC 8GB
Storage Crucial P5 Plus 1TB / Crucial MX 500 1TB
Display(s) Dell P2419H
Case Fractal Design Pop Air /w 3x Arctic P12 PWM
Audio Device(s) Creative Sound Blaster Z + Edifier R1000T4
Power Supply Super Flower Leadex III 650W
Mouse Microsoft Intelimouse Pro
Keyboard IBM KB-8926
Software Windows 10 Pro 64-bit
Benchmark Scores Turns on on the first try! Usually.
Really curious what will happen. Considering how dubious those researches seem these appear to be legitimate vulnerabilities.
 

the54thvoid

Intoxicated Moderator
Staff member
Joined
Dec 14, 2009
Messages
12,378 (2.37/day)
Location
Glasgow - home of formal profanity
Processor Ryzen 7800X3D
Motherboard MSI MAG Mortar B650 (wifi)
Cooling be quiet! Dark Rock Pro 4
Memory 32GB Kingston Fury
Video Card(s) Gainward RTX4070ti
Storage Seagate FireCuda 530 M.2 1TB / Samsumg 960 Pro M.2 512Gb
Display(s) LG 32" 165Hz 1440p GSYNC
Case Asus Prime AP201
Audio Device(s) On Board
Power Supply be quiet! Pure POwer M12 850w Gold (ATX3.0)
Software W10
It looks sufficiently credible to me to not ignore it, which is why we are reporting on this at TPU. You are right of course that more evidence is needed, which doesn't seem that far away, days at max, probably hours.

I feel I have an excellent understanding of what they described and am trying to provide insights, and help clear up misunderstandings.

How does one execute remote admin privileges? You would need to allow access initially via relevant software (remote diagnostics?) or have a prior malware installed to allow such access?
 

W1zzard

Administrator
Staff member
Joined
May 14, 2004
Messages
26,958 (3.71/day)
Processor Ryzen 7 5700X
Memory 48 GB
Video Card(s) RTX 4080
Storage 2x HDD RAID 1, 3x M.2 NVMe
Display(s) 30" 2560x1600 + 19" 1280x1024
Software Windows 10 64-bit
How does one execute remote admin privileges? You would need to allow access initially via relevant software (remote diagnostics?) or have a prior malware installed to allow such access?
Malware, through same methods that infects thousands of PC each day.
 

newtekie1

Semi-Retired Folder
Joined
Nov 22, 2005
Messages
28,472 (4.25/day)
Location
Indiana, USA
Processor Intel Core i7 10850K@5.2GHz
Motherboard AsRock Z470 Taichi
Cooling Corsair H115i Pro w/ Noctua NF-A14 Fans
Memory 32GB DDR4-3600
Video Card(s) RTX 2070 Super
Storage 500GB SX8200 Pro + 8TB with 1TB SSD Cache
Display(s) Acer Nitro VG280K 4K 28"
Case Fractal Design Define S
Audio Device(s) Onboard is good enough for me
Power Supply eVGA SuperNOVA 1000w G3
Software Windows 10 Pro x64
"If you look at the situation in the following way: right now the public knows about the vulnerabilities and their implications, AMD is fully informed and developing patches, and major security companies are also informed and working on mitigation."

This is in contrast to the unintentional consequence of keeping Meltdown/Spectre away from the public domain for over half a year, allowing Intel's senior executives to dump company stock, and for big cloud computing providers to harden their infrastructure, giving themselves a competitive advantage over smaller providers.

This is putting a monetary goal in front of keep things secure and that's BS if CTS is trying to be taken seriously. Telling the public does not help anything in these situations, it makes things worse, and any real security firm would know that. You give the information to the company it affects, AMD in this case, and at least give them some time to develop patches or updates to fix the vulnerabilities. Again, 90 days is standard, because the sooner you let the public know the vulnerabilities exist, the sooner malicious people know the vulnerabilities exist and begin to start exploiting them. What CTS did was basically hand hackers instructions on how to exploit these vulnerabilities immediately without giving AMD any time to fix them. That isn't keeping people secure, that is just CTS trying to make a name for themselves by putting their own profit ahead of the public's security.


How does one execute remote admin privileges? You would need to allow access initially via relevant software (remote diagnostics?) or have a prior malware installed to allow such access?

How do you think pretty much all other malware infects systems? How do you think ransomware works? I'll give you a hint: Admin Level Code.

90% of writing malicious programs these days is tricking the users into running it on their systems.

The difference here is that the malware can be hidden in a way that's undetectable from security software and persists through reboot, and OS reinstall, which means "buy a new computer" for 99% of the population.

Exactly, this is the scary part. I don't think we've seen a good BIOS virus in decades!
 
Joined
Mar 18, 2008
Messages
5,717 (0.98/day)
System Name Virtual Reality / Bioinformatics
Processor Undead CPU
Motherboard Undead TUF X99
Cooling Noctua NH-D15
Memory GSkill 128GB DDR4-3000
Video Card(s) EVGA RTX 3090 FTW3 Ultra
Storage Samsung 960 Pro 1TB + 860 EVO 2TB + WD Black 5TB
Display(s) 32'' 4K Dell
Case Fractal Design R5
Audio Device(s) BOSE 2.0
Power Supply Seasonic 850watt
Mouse Logitech Master MX
Keyboard Corsair K70 Cherry MX Blue
VR HMD HTC Vive + Oculus Quest 2
Software Windows 10 P
Oh look, more BS from the scam company CTS
 
Joined
Dec 22, 2011
Messages
285 (0.06/day)
Processor Ryzen 7 5800X3D
Motherboard Asus Prime X570 Pro
Cooling Deepcool LS-720
Memory 32 GB (4x 8GB) DDR4-3600 CL16
Video Card(s) Gigabyte Radeon RX 6800 XT Gaming OC
Storage Samsung PM9A1 (980 Pro OEM) + 960 Evo NVMe SSD + 830 SATA SSD + Toshiba & WD HDD's
Display(s) Samsung C32HG70
Case Lian Li O11D Evo
Audio Device(s) Sound Blaster Zx
Power Supply Seasonic 750W Focus+ Platinum
Mouse Logitech G703 Lightspeed
Keyboard SteelSeries Apex Pro
Software Windows 11 Pro
This is putting a monetary goal in front of keep things secure and that's BS if CTS is trying to be taken seriously. Telling the public does not help anything in these situations, it makes things worse, and any real security firm would know that. You give the information to the company it affects, AMD in this case, and at least give them some time to develop patches or updates to fix the vulnerabilities. Again, 90 days is standard, because the sooner you let the public know the vulnerabilities exist, the sooner malicious people know the vulnerabilities exist and begin to start exploiting them. What CTS did was basically hand hackers instructions on how to exploit these vulnerabilities immediately without giving AMD any time to fix them. That isn't keeping people secure, that is just CTS trying to make a name for themselves by putting their own profit ahead of the public's security.
They even admit in their whitepaper that they have economic intereset in the issue, which leads to Viceroy Research, who released pretty much instantly after the "whitepaper" release "AMD Obituary" saying that AMD stock price should be $0.00 and they need to file for Chapter 11 bankruptcy. Viceroy Research is already under investigation in Germany on similar matters https://www.cnbc.com/2018/03/12/reu...ys-viceroys-prosieben-report-broke-rules.html

Also, to repeat what probably has been said already several times.
One of the "vulnerabilities" requires admin access and malicious BIOS, the rest require admin access and vendor signed malicious drivers.
In the point where your system, network or some such could be vulnerable to these would require you to have someone with malicious intent and admin access to your systems - and at that point every single possible system is already compromised, no matter if it's AMD or anyone else.
 
Low quality post by Dave65
Joined
Mar 7, 2010
Messages
953 (0.19/day)
Location
Michigan
System Name Daves
Processor AMD Ryzen 3900x
Motherboard AsRock X570 Taichi
Cooling Enermax LIQMAX III 360
Memory 32 GiG Team Group B Die 3600
Video Card(s) Powercolor 5700 xt Red Devil
Storage Crucial MX 500 SSD and Intel P660 NVME 2TB for games
Display(s) Acer 144htz 27in. 2560x1440
Case Phanteks P600S
Audio Device(s) N/A
Power Supply Corsair RM 750
Mouse EVGA
Keyboard Corsair Strafe
Software Windows 10 Pro

newtekie1

Semi-Retired Folder
Joined
Nov 22, 2005
Messages
28,472 (4.25/day)
Location
Indiana, USA
Processor Intel Core i7 10850K@5.2GHz
Motherboard AsRock Z470 Taichi
Cooling Corsair H115i Pro w/ Noctua NF-A14 Fans
Memory 32GB DDR4-3600
Video Card(s) RTX 2070 Super
Storage 500GB SX8200 Pro + 8TB with 1TB SSD Cache
Display(s) Acer Nitro VG280K 4K 28"
Case Fractal Design Define S
Audio Device(s) Onboard is good enough for me
Power Supply eVGA SuperNOVA 1000w G3
Software Windows 10 Pro x64
Also, to repeat what probably has been said already several times.
One of the "vulnerabilities" requires admin access and malicious BIOS, the rest require admin access and vendor signed malicious drivers.
In the point where your system, network or some such could be vulnerable to these would require you to have someone with malicious intent and admin access to your systems - and at that point every single possible system is already compromised, no matter if it's AMD or anyone else.

The one vulnerability allows malicious BIOS to be installed. That is a pretty big issue actually. Beyond the normal malware we see today, because it allows the malware to persist even after a reformat and OS re-install, even after a full replacement of the storage drives. That actually is pretty bad.
 
Joined
Apr 12, 2013
Messages
1,187 (0.30/day)
Processor 11700
Motherboard TUF z590
Memory G.Skill 32gb 3600mhz
Video Card(s) ROG Vega 56
Case Deepcool
Power Supply RM 850
If this thing keeps rolling on CTS might even afford to get some real office space.

Anyway im waiting for AMDs offcial response and after that we can get this show on the road.
 
Joined
Feb 3, 2012
Messages
200 (0.05/day)
Location
Tottenham ON
System Name Current
Processor i7 12700k
Motherboard Asus Prime Z690-A
Cooling Noctua NHD15s
Memory 32GB G.Skill
Video Card(s) GTX 1070Ti
Storage WD SN-850 2TB
Display(s) LG Ultragear 27GL850-B
Case Fractal Meshify 2 Compact
Audio Device(s) Onboard
Power Supply Seasonic 1000W Titanium
So refreshing to see the Oxford comma being used in an article.

Also, regardless of their excuse, 24hrs notice before going public was a stupid decision.
 
Top