Questions over Credibility on AMD exclusive vulnerabilities

Frost4Life · March 13, 2018

Background:

An Israeli based cyber security agency founded in Mid of July 2017 named CTS Labs (http://www.cts-labs.com/) has claimed to have discovered 14 vulnerabilities in AMD's Zen micro-architecture. These 14 vulnerabilities are grouped under 4 umbrella

Masterkey (Affects Ryzen Desktop and EPYC)
Ryzenfall (Affects Ryzen Desktop, Ryzen Pro and Ryzen Mobile)
Fallout (Affects only EPYC)
Chimera (Affects Ryzen Desktop and Ryzen Pro)

How they can be exploited: According to a 20 page Whitepaper published on the website (https://amdflaws.com/) which is maintained by CTS Labs,

Masterkey requires user to re-flash the BIOS with a specially crafted BIOS update.
Ryzenfall, Fallout and Chimera requires attacker be able to run a program with local-machine elevated administrator privileges meanwhile accessing the Secure Processor to exploit them is done through a vendor supplied driver that is digitally signed.

Questions on the Authenticity of the information:

The CTS Lab's website was registered on 25th July 2017, around the same time period when Google reportedly informed Intel about Spectre and Meltdown. Additionally the website "amdflaws.com" which is maintained by CTS Labs and hosts the Whitepaper was created just 19 days ago (as of writing this post). The Whitepaper itself doesn't contain much information and just explains some technologies and the implications of the exploits, more like an article. What's of most interest in my opinion is the disclaimer on the last page of the Whitepaper.

It says, "The report and all statements contained herein are opinions of CTS and are not statements of fact." and "Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports."

An interesting information that may/may not be of any relevance here is the fact that CTS Labs is based in Tel Aviv where Intel has a facility and invests Billions of Dollars.

Sources:
Registration date of CTS Lab's website - https://goo.gl/j8y7jE
Registration date of AMD Flaws's website which hosts the 20 page whitepaper - https://goo.gl/ERhA3c
20 page whitepaper - (Can't link it for some reason, it's available on AMD Flaw's website at www.amdflaws.com
Explanation of vulnerabilities and requirements for exploitation - Whitepaper

P.S - I hope posting shortened URLs is okay because the original GoDaddy URLs are too long.