Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Coaxialgamer

[Update] Security flaws discovered in AMD zen processors : AMD's meltdown?

wkdpaul

Please keep the conversation civil and respectful, as per the Community Standards;

Quote
  • Ensure a friendly atmosphere to our visitors and forum members.
  • Encourage the freedom of expression and exchange of information in a mature and responsible manner.
  • "Don't be a dick" - Wil Wheaton.
  • "Be excellent to each other" - Bill and Ted.
  • Remember your audience; both present and future.

 

Message added by wkdpaul

Recommended Posts

Posted · Original PosterOP

CTS , a reasearch group has discovered potentially up to 13 flaws affecting Zen-based cpus ( this includes ryzen , ryzen pro , threadripper and epyc ) which could allow a malicious attacker to take control of a computer and/or access secure data that would usually stay our of reach .

CTS has contacted AMD , but only allowed them 24 hours instead of the customary 90 days , which is kind of a duck move in my opinion

Quote

 

Researchers have discovered critical security flaws with AMD's chips, allowing attackers to access sensitive data from highly guarded processors across millions of devices.

Particularly worrisome is the fact that the vulnerabilities lie in the so-called secure part of the processors -- typically where your device stores sensitive data like passwords and encryption keys. It's also where your processor makes sure nothing malicious is running when you start your computer.

10788-ryzen-chip-left-angle-960x548.png.132dc403e06cc98fcfe20fedf9424499.png

Quote

Researchers from CTS-Labs, a security company based in Israel, announced on Tuesday that they found 13 critical security vulnerabilities that would let attackers access data stored on AMD's Ryzen and EPYC processors, as well as install malware on it. AMD's Ryzen chips power desktop and laptop computers, while EPYC processors are found in servers. 

 

 

 

Quote

The researchers gave AMD less than 24 hours to look at the vulnerabilities and respond before publishing the report. Standard vulnerability disclosure calls for 90 days notice, so companies have time to address flaws properly.

"At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings," an AMD spokesman said.

Quote

Master Key:

 

When a device starts up, it

typically goes through a "Secure Boot." It uses your processor to check that nothing on your computer has been tampered with, and only launches trusted programs. 

The Master Key vulnerability gets around this start-up check by installing malware on the computer's BIOS, part of the computer's system that controls how it starts up. Once it's infected, Master Key allows an attacker to install malware on the Secure Processor itself, meaning they would have complete control of what programs are allowed to run during the start-up process.

 

Ryzenfall

This vulnerability specifically affects AMD's Ryzen chips, and would allow malware to completely take over the secure processor. 

That would mean being able to access protected data, including encryption keys and passwords. These are regions on the processor that a normal attacker would not be able to access, according to the researchers.

If an attacker can bypass the Windows Defender Credential Guard, it would mean they could use the stolen data to spread across to other computers within that network. 

Fallout

Like Ryzenfall, Fallout also allows attackers to access protected data sections, including Credential Guard. But this vulnerability only affects devices using AMD's EPYC secure processor. In December, Microsoft announced a partnership with for its Azure Cloud servers using AMD's EPYC processor.

Chimera

Chimera comes from two different vulnerabilities, one in its firmware and one in its hardware.

The Ryzen chipset itself allow for malware to run on it. Because WiFi, network and Bluetooth traffic flows through the chipset, an attacker could use that to infect your device, the researchers said. In a proof-of-concept demonstration, the researchers said it was possible to install a keylogger through the chipset. Keyloggers would allow an attacker to see everything typed on an infected computer.

Source (cnet) 

https://www.cnet.com/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its-own/

 

 I honestly don't know what to say, but this is bad. Lets hope a patch comes in quick that doesn't cripple performance. 

 

Update : AMD has released a brief statement regarding the issue :

http://quarterlyearnings.amd.com/news-releases/news-release-details/view-our-corner-street-0

Quote
We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise. We will update this blog as news develops.

 


AMD Ryzen 7 3.8ghz at 1.3V Corsair vengeance LPX 8GB 2800mhz @ 3200mhz CAS 16 + 2*4GB micron ballistics @ 3200mhz cas 16 ;Gigabyte ga-ab350-Gaming 3; cooler master nepton 240M ; CF r9 290x tri x + r9 290 tri x ; CX750M PSU ; SPEC 03 case with 9 120mm fans ; windows 10 64 bit 

Link to post
Share on other sites

It's likely not going to affect performance because this affects a part of the processor that isn't part of the front end or back end. It sounds like a similar vulnerability with the whole Intel IME thing.

Link to post
Share on other sites

So just 24Hrs further notice to AMD? Bad action from whoever found these bugs.


CPU: i7-2600K 4751MHz 1.44V (software) --> 1.47V at the back of the socket Motherboard: Asrock Z77 Extreme4 (BCLK: 103.3MHz) CPU Cooler: Noctua NH-D15 RAM: Adata XPG 2x8GB DDR3 (XMP: 2133MHz 10-11-11-30 CR2, custom: 2203MHz 10-11-10-26 CR1 tRFC:230 tREFI:14000) GPU: Asus GTX 1070 Dual (Super Jetstream vbios, +70(2025-2088MHz)/+400(8.8Gbps)) SSD: Samsung 840 Pro 256GB (main boot drive), Transcend SSD370 128GB PSU: Seasonic X-660 80+ Gold Case: Antec P110 Silent, 5 intakes 1 exhaust Monitor: AOC G2460PF 1080p 144Hz (150Hz max w/ DP, 121Hz max w/ HDMI) TN panel Keyboard: Logitech G610 Orion (Cherry MX Blue) with SteelSeries Apex M260 keycaps Mouse: BenQ Zowie FK1

 

Model: HP Omen 17 17-an110ca CPU: i7-8750H (0.125V core & cache, 50mV SA undervolt) GPU: GTX 1060 6GB Mobile (+80/+450, 1650MHz~1750MHz 0.78V~0.85V) RAM: 8+8GB DDR4-2400 18-17-17-39 2T Storage: 1TB HP EX920 PCIe x4 M.2 SSD + 1TB Seagate 7200RPM 2.5" HDD (ST1000LM049-2GH172), 128GB Toshiba PCIe x2 M.2 SSD (KBG30ZMV128G) gone cooking externally Monitor: 1080p 126Hz IPS G-sync

 

Desktop benching:

Cinebench R15 Single thread:168 Multi-thread: 833 

SuperPi (v1.5 from Techpowerup, PI value output) 16K: 0.100s 1M: 8.255s 32M: 7m 45.93s

Link to post
Share on other sites

As scary as it sounds. THis sounds like Intel IME kind of exploit.


The norms in which determines the measure of morality of a human act are objective to the moral law and subjectively man/woman's conscience

Link to post
Share on other sites

DON'T PANIC!

 

It happens. It'll get fixed. It'll be forgotten soon enough. How many are still worried about Meltdown/Spectre? It isn't over, but the scaremongering news is over and is pretty much business as normal for most.


Main rig: Asus Maximus VIII Hero, i7-6700k stock, Noctua D14, G.Skill Ripjaws V 3200 2x8GB, Gigabyte GTX 1650, Corsair HX750i, In Win 303 NVIDIA, Samsung SM951 512GB, WD Blue 1TB, HP LP2475W 1200p wide gamut

Gaming system: Asrock Z370 Pro4, i7-8086k stock, Noctua D15, Corsair Vengeance LPX RGB 3000 2x8GB, Gigabyte RTX 2070, Fractal Edison 550W PSU, Corsair 600C, Optane 900p 280GB, Crucial MX200 1TB, Sandisk 960GB, Acer Predator XB241YU 1440p 144Hz G-sync

Ryzen rig: Asrock B450 ITX, R5 3600, Noctua D9L, G.SKill TridentZ 3000C14 2x8GB, Gigabyte RTX 2070, Corsair CX450M, NZXT Manta, WD Green 240GB SSD, LG OLED55B9PLA

VR rig: Asus Z170I Pro Gaming, i7-6700T stock, Scythe Kozuti, Kingston Hyper-X 2666 2x8GB, Zotac 1070 FE, Corsair CX450M, Silverstone SG13, Samsung PM951 256GB, Crucial BX500 1TB, HTC Vive

Gaming laptop: Asus FX503VD, i5-7300HQ, 2x8GB DDR4, GTX 1050, Sandisk 256GB + 480GB SSD

Total CPU heating: i7-8086k, i3-8350k, i7-7920X, 2x i7-6700k, i7-6700T, i5-6600k, i3-6100, i7-5930k, i7-5820k, i7-5775C, i5-5675C, 2x i7-4590, i5-4570S, 2x i3-4150T, E5-2683v3, 2x E5-2650, E5-2667, R7 3700X, R5 3600, R5 2600, R7 1700

Link to post
Share on other sites
4 minutes ago, VegetableStu said:

I just read the source whitepaper from the researchers themselves. are they strictly hacks that can only be initiated with in-person access?

(also any idea if updating BIOSes in an active Windows environment is a thing?)

Regarding Masterkey:

Quote
Exploiting MASTERKEY requires an attacker to be able to re-flash the BIOS with a specially crafted BIOS update.

That's like saying "you can exploit Windows by installing a botnet on the target machine" and claiming Windows has flaws.

Link to post
Share on other sites

this isn't aimed at average joe that was an R5, it's most for companies, it can affect us all (not me exactly i have Intel) but they have much more to lose.


.

Link to post
Share on other sites

While I'm sure there's some validity to this, it is highly suspicious. It's a company formed in 2017 with 3 employees. They are a consultancy firm. It seems their entire existence has been based on being paid to find exploits on AMD products. I wonder if Intel is funding this. The whole 24 hour notice and creating an entire website around it is classic con artist strategy. I also noticed the white paper emphasized "Taiwanese" a lot. Seems targeted at US institutions. 

 

The vulnerabilities are many and look bad but it does seem like a lot of it is based around physical access or user error - rather than remote exploit. I hope AMD has a reasonable response.

 

I do think it's a smear campaign though. Regardless of the validity.

Link to post
Share on other sites
31 minutes ago, Coaxialgamer said:

I honestly don't know what to say, but this is bad.

Honestly this is bad, but mostly from the perspective that this is clearly a hit piece and will likely have legal ramifications for CTS labs and their benefactor. @rcmaehl does a great job breaking down why this is the text book definition of yellow journalism.

 

Adding to that, since the domains for both sites were registered around the time Intel was notified of Spectre and Meltdown, this is more than likely a smear campaign put together by Intel to take some of the air out of the Ryzen 2 release next month.

Link to post
Share on other sites
Just now, snortingfrogs said:

This is pretty darn big.

 

 

 

Shame your post isn't. 


muh specs 

Gaming and HTPC (reparations)- ASUS 1080, MSI X99A SLI Plus, 5820k- 4.5GHz @ 1.25v, asetek based 360mm AIO, RM 1000x, 16GB memory, 750D with front USB 2.0 replaced with 3.0  ports, 2 250GB 850 EVOs in Raid 0 (why not, only has games on it), some hard drives

Screens- Acer preditor XB241H (1080p, 144Hz Gsync), LG 1080p ultrawide, (all mounted) directly wired to TV in other room

Stuff- k70 with reds, steel series rival, g13, full desk covering mouse mat

All parts black

Workstation(desk)- 3770k, 970 reference, 16GB of some crucial memory, a motherboard of some kind I don't remember, Micomsoft SC-512N1-L/DVI, CM Storm Trooper (It's got a handle, can you handle that?), 240mm Asetek based AIO, Crucial M550 256GB (upgrade soon), some hard drives, disc drives, and hot swap bays

Screens- 3  ASUS VN248H-P IPS 1080p screens mounted on a stand, some old tv on the wall above it. 

Stuff- Epicgear defiant (solderless swappable switches), g600, moutned mic and other stuff. 

Laptop docking area- 2 1440p korean monitors mounted, one AHVA matte, one samsung PLS gloss (very annoying, yes). Trashy Razer blackwidow chroma...I mean like the J key doesn't click anymore. I got a model M i use on it to, but its time for a new keyboard. Some edgy Utechsmart mouse similar to g600. Hooked to laptop dock for both of my dell precision laptops. (not only docking area)

Shelf- i7-2600 non-k (has vt-d), 380t, some ASUS sandy itx board, intel quad nic. Currently hosts shared files, setting up as pfsense box in VM. Also acts as spare gaming PC with a 580 or whatever someone brings. Hooked into laptop dock area via usb switch

Link to post
Share on other sites
3 minutes ago, M.Yurizaki said:

Someone already pointed out that this isn't so much an exploit as downloading and installing a virus.

Well Intel payed for the "independent research" so they need to use all the scary sounding words.

Link to post
Share on other sites
4 minutes ago, snortingfrogs said:

The researchers gave AMD less than 24 hours to look at the vulnerabilities and respond before publishing this report.

Isn't this against the law in some way? Every other vulnerability has been given months in advance before being announced. What gives?


We have a NEW and GLORIOUSER PSU Tier List Now.

 

You can check out the old one that gave joy to so many across the land here

 

Computer having a hard time powering on? Troubleshoot it with this guide. (Currently looking for suggestions to update it into the context of <current year> and make it its own thread)

Computer Specs:

Spoiler

 Mathresolvermajig: Intel Xeon E3 1240 (Sandy Bridge i7 equivalent)
Framepainting-inator: MSI RX 480 Gaming X 8GB Died in a horrible mining accident. Currently looking for used Vega 56s!

Attachcorethingy: GA-H61M-S2V-B3

Infoholdstick: Corsair 2x4GB DDR3 1333 CAS 9

Computerarmor: CM Elite 360 (Moddded to all hell by now)

Rememberdoogle: 120GB Trion 150 + 1TB WD RE+ + 240GB SSD Plus

AdditionalPylons: Corsair CX450M

Letterpad: Rosewill Apollo 9100 (Cherry MX Red)

Buttonrodent: EVGA Torq X3

Auralnterface: @Den-Fi が2年前にくれたヘッドフォン

Liquidrectangles: AOC G2260VWQ6 (Freesync 75Hz), Samsung SMB2030N (1600x900 VGA)

Brother's Computer:

Spoiler

Mathresolvermajig: Intel i3-2100 (carry over from my old build)
Framepainting-inator: GTX 650 Ti

Attachcorethingy: Intel Z68 (don't know anything else, got it from ebay for like $40)

Infoholdstick: Corsair 2x2GB 1333MHz C9

Computerarmor: Ashamed to say

Rememberdoogle: 120GB SP550 + 500GB 2.5" from a laptop

AdditionalPylons: Antec Basiq BP350 (not as loud as @STRMfrmXMN says it is) (actually pretty loud for my standards)

Letterpad: Logitech MK120 bundle

Buttonrodent: See above

Auralnterface: Hah! You wish

Liquidrectangles: Samsung 1600x900 + LG 1440x900

Link to post
Share on other sites
Just now, Energycore said:

Isn't this against the law in some way? Every other vulnerability has been given months in advance before being announced. What gives?

It's not a law, it's just a gentlemen's agreement between giving the developer time to fix it and letting everyone else know there's a problem. And the only way to know your system is fixed is to know how to exploit it and see the exploit fail.

Link to post
Share on other sites
1 minute ago, Energycore said:

Isn't this against the law in some way? Every other vulnerability has been given months in advance before being announced. What gives?

 


PLEASE QUOTE ME IF YOU ARE REPLYING TO ME
LinusWare Dev | NotCPUCores Dev

Desktop Build: Ryzen 7 1800X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 32GB Corsair DDR4 @ 3000MHz, RX480 8GB OC, Benq XL2730 1440p 144Hz FS

Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor


 

Link to post
Share on other sites
Just now, M.Yurizaki said:

It's not a law, it's just a gentlemen's agreement between giving the developer time to fix it and letting everyone else know there's a problem.

I think this should have been handled in a similar manner to Spectre and Meltdown. At least patches would have been in place for some of them. 

Link to post
Share on other sites
1 minute ago, Energycore said:

Isn't this against the law in some way? Every other vulnerability has been given months in advance before being announced. What gives?

Well that was when Intel was involved also, this only affects AMD as far as I can tell so I consider them lucky they even gave them 24 hours...

Link to post
Share on other sites
7 minutes ago, Some Random Member said:

Well Intel payed for the "independent research" so they need to use all the scary sounding words.

Source?

It's not mentioned in the article linked.

 

 

6 minutes ago, Energycore said:

Isn't this against the law in some way? Every other vulnerability has been given months in advance before being announced. What gives?

Nope. The reason why other vulnerabilities such as those discovered by Google are given months of time before public disclosure is because they are being nice and acting responsibly. They have no obligation to do so however.

It's actually not that uncommon that people and companies publicly announces vulnerabilities as soon as they are discovered, or like in this case where they were given 24 hours.

Link to post
Share on other sites
50 minutes ago, rcmaehl said:

This all screams smear campaign

How can one, at this point, believe it not to be such? All you really need for this conclusion is the name of that website. They even say shit like

Quote

Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports

in their disclaimer on that site...

 

Not to mention that all of those "flaws" seem to require admin privileges on the computer, direct access on said computer or even tampering with the hardware, like the bios thing. Seriously how can you even call it a flaw when you must hack the motherboard's bios for it to exist in the first place?

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×