13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors

[AsRock]

Wintelfell. Get it?

Made me think of the POS WinChip |, not sure if thats what you were getting at. But you most likey will not see some thing like that as they be to worried about being sued.

I can't believe it. Seems that everything to do with computers has lots of serious security vulnerabilities in it, from Windows, to apps, to WPA2, routers, IoT and now CPUs of either brand.

Looks like computer security is a chimera. No wonder the exploits keep coming.

EDIT: Ok, reading some of the comments, it seems that the veracity of this report may be in some doubt. Let's hope it's fake, but I'm not holding my breath.

Whole reason ii stopped watching the news, and this seems like it's being treated the same kinda way. Until some thing else takes it's place.

 

[Zyll Goliat]

 

[GAR]

"Israel" Im sure Intel sponsored this research

 

[jigar2speed]

Guys, we knew AMD was operating on a shoe string budget during Ryzen development. This is not surprising. Even if Intel had a hand in research, that isn't even a crime. Chevy does ads comparing the bed of the F150 with the Silverado steel vs aluminum. It would be negligent to just let AMD market their chips one way when the reality is another. Just analyze it, fix it, and move on. Ryzen is still a great product even if it needs some patches.

You might want to read the article before posting. This flaws need admin right, with admin right any system is vulnerable.

 

[erocker]

It really does seem to be a hit piece on AMD.

Pretty good video on it:

 

[W1zzard]

Added this to the article because a lot of people seem to misunderstand:

Update March 14 7 AM CET: It seems a lot of readers misunderstand the BIOS flashing part. The requirement is not that the user has to manually flash a different BIOS first before becoming vulnerable. The malware itself will modify/flash the BIOS once it is running on the host system with administrative privileges. Also, the signed driver requirement does not require a driver from any specific vendor. The required driver (which is not for an actual hardware device and just provides low-level hardware access) can be easily created by any hacker. Signing the driver, so Windows accepts it, requires a digital signature which is available from various SSL vendors for a few hundred dollars after a fairly standard verification process (requires a company setup with bank account). Alternatively an already existing signed driver from various hardware utilities could be extracted and used for this purpose.

 

[R-T-B]

Added this to the article because a lot of people seem to misunderstand:

Update March 14 7 AM CET: It seems a lot of readers misunderstand the BIOS flashing part. The requirement is not that the user has to manually flash a different BIOS first before becoming vulnerable. The malware itself will modify/flash the BIOS once it is running on the host system with administrative privileges. Also, the signed driver requirement does not require a driver from any specific vendor. The required driver (which is not for an actual hardware device and just provides low-level hardware access) can be easily created by any hacker. Signing the driver, so Windows accepts it, requires a digital signature which is available from various SSL vendors for a few hundred dollars after a fairly standard verification process (requires a company setup with bank account). Alternatively an already existing signed driver from various hardware utilities could be extracted and used for this purpose.

People underestimate how many people capable of doing this are out there, as well.

 

[ShurikN]

The BIOS mod with the 1337 really is a selling point.
Who made this whitepaper, 12 year olds...

 

[InVasMani]

It makes me think that Microsoft should just patch the OS itself to prevent all .bios files from being flashed w/o 2-step authentication first to safe guard against these malicious attacks. Something that important should be better guarded against for these kinds of exploits.

 

[W1zzard]

It makes me think that Microsoft should just patch the OS itself to prevent all .bios files from being flashed w/o 2-step authentication first to safe guard against these malicious attacks. Something that important should be better guarded against for these kinds of exploits.

Can't be done, unless they completely forbid device drivers and manually approve every single one. This will turn Windows into iOS

 

[laszlo]

and admin rights user don't need vulnerabilities to achieve his agenda/rampage

 

[R-T-B]

and admin rights user don't need vulnerabilities to achieve his agenda/rampage

They do to survive a detection/reinstall.

 

[Vya Domus]

"Israel" Im sure Intel sponsored this research

I am usually pretty skeptical about this sort of thing , but this one is buried in so many unusual coincidences and questionable doings it almost looks like it was meant from the get go to look shady as fuck.

 

[laszlo]

They do to survive a detection/reinstall.

don't see where is the need of survive; as admin you can do whatever you want even reinstall when you want and what you want...

 

[R-T-B]

don't see where is the need of survive; as admin you can do whatever you want even reinstall when you want and what you want...

Until someone hops on locally and wipes out all your hard work.

This can survive that... if it's real, anyhow.

 

[silentbogo]

Well, that's beyond fishy... Even without looking at company's background I can tell that this is a load of bullshit just by paying attention to wording in their whitepaper.

We did not attempt to produce exploits for Ryzen Pro and Ryzen Mobile, although we have seen the vulnerabilities in the code. We also did not attempt to produce exploits for MASTERKEY-3.

The others are also quite vague and always imply plausibility, and not a proof (e.g. "if you get access to Fenced RAM, then you are in trouble").

So, basically it's like my occasional rants about PSP and ME, but with better presentation and many-many words.

Also, what I find strange, is that with all of my google-fu skills I cannot find shit about ASM1042 or 1142 vulnerabilities these dudes mention. The only thing I could find is a forced firmware update through upstream port on ASM1074(USB3.0 hub), ASM1053(USB to SATA bridge) ,which is basically a feature, but could be used as an attack vector on the device side. And nothing related to DMA attacks (except for some Thunderbolt stuff from Blackhat 2013, which is not even a hack but still interesting).

P.S> I'm still worried about potential vulnerabilities in ME and PSP, but I'm definitely not worried about these four "totally not made-up, pinkie swear" vulns.

 

[john_]

Meltdown and Spectre weren't?

There is a clear difference between "Meltdown" and, for example, "Intelfail".

 

[W1zzard]

don't see where is the need of survive; as admin you can do whatever you want even reinstall when you want and what you want...

How do you plan on removing the virus in your BIOS that you don't know about, that your antivirus can not find, that has enabled BIOS write protection since it became active?
Buy a new computer, sell old computer on eBay

Oh your name contains "bank" ? Here let me sell you these awesome computers with great motherboards.

Edit: I just realized I should get into the business of selling crypto-equipment

 

[ikeke]

How do you plan on removing the virus in your BIOS that you don't know about, that your antivirus can not find, that has enabled BIOS write protection since it became active?
Buy a new computer, sell old computer on eBay

Oh your name contains "bank" ? Here let me sell you these awesome computers with great motherboards.

Edit: I just realized I should get into the business of selling crypto-equipment

If someone with elevated admin access can craft a modified BIOS or has access to signed drivers that they, again with elevated admin access, can deploy to your system - then you are way too f***ed anyway.

..and to add that having a virus/backdoor/keylogger in the system is the least of your worries if theres a bad actor with this level of access to your environment.

 

[las]

Intel paid for this - Just before Ryzen refresh. What a coincidence...

 

[W1zzard]

If someone with elevated admin access can craft a modified BIOS or has access to signed drivers that they, again with elevated admin access, can deploy to your system - then you are way too f***ed anyway.

..and to add that having a virus/backdoor/keylogger in the system is the least of your worries if theres a bad actor with this level of access to your environment.

You have never run GPU-Z ? It starts with admin privileges and comes with a signed driver

 

[laszlo]

How do you plan on removing the virus in your BIOS that you don't know about, that your antivirus can not find, that has enabled BIOS write protection?
Buy a new computer, sell old computer on eBay

Oh your name contains "bank" ? Here let me sell you these awesome computers with great motherboards.

Edit: I just realized I should get into the business of selling crypto-equipment

i understand your point; one solution would be to have bios update directly from manufacturer server; basically deny the admin the right to manually do it without a connection to bios server from where is flashed

now question is can bios be hacked at manufacturer ? unfortunately the answer is yes as we already had situation when new hardware had hacked bios...

we already know that every hardware is susceptible to intrusion at bios level having the needed means and authorization so we'll be never safe ...

 

[W1zzard]

now question is can bios be hacked at manufacturer ?

Actually the more realistic attack vector is that someone performs a man in the middle attack (malware on your PC, your router, ISP, upstream ISP of mobo vendor) to swap out the BIOS.

 

[delshay]

If a BIOS is re-written, I do believe it resets back to default basic settings. It seems I will keep an eye on this if my computer somehow defaults back for no reason. Please correct me if I am wrong here.

 

[INSTG8R]

I’ll be sure to leave my front door unlocked so the “hackers” can have a go with these flaws...