[Update] Security flaws discovered in AMD zen processors : AMD's meltdown?

[LAwLz]

33 minutes ago, apm said:

whos that? 

30 minutes ago, GoldenLag said:

Out of curiosity. Please name said companies. To allow for further eyesight into this

Dan Guido from Trail of Bits.

 

 

He also had this to say about the documentation and PoC provided to them:

 

 

And we also have Jake Williams saying this:

Quote

I've done as thorough analysis as possible given the technical details in the paper. I'm confident this is real.

 

 

 

 

Edit:

Here is my post from the other thread (can some mod please merge them or something?)

9 minutes ago, LAwLz said:

Some facts and thoughts from me:

 

 

The pro-AMD things first, so that people won't get mad at me and stop reading instantly:

 

The white paper is not that well written. I mean, it contains a lot of information which is correct, but it also contains things like on page 2 where it it tries linking Asus' issues with their routers to ASMedia having backdoors. I mean, there is a logical trail to be made between AMD having backdoors in their chipsets because Asus got in trouble with the FTC... But it's a very big stretch. Here their logic by the way:

ASMedia made the chipset for AMD -> ASMedia is owned by Asus -> FTC punished Asus for having poor router security -> therefore AMD chipsets has poor security.

When you read their document it kind of makes sense, but when you strip out all the fluff and link their logic up on a straight line like this, it sounds very silly.

 

There are a lot of mentions of "backdoors" in the paper, even though it also says they are "basic security design errors". Sorry, but a design error is not a backdoor.

Errors are by definitions mistakes.

Backdoors are by deliberate, at least that's how I use the term and that seems to be the agreed upon definition.

So you can't have it both ways. Are they mistakes or deliberate?

 

These are all attacks which relies on the system already being compromised in some way. For example needing admin privilege. Chances are if you are in that situation you're already pretty screwed, but these exploits makes things even worse.

 

The people behind this are unethical and scummy. Chances are they are deliberately trying to lower AMD's stock value. Not sure why though.

 

The statement that these issues are "practically un-patchable" seems to be grabbed out of thin air to me.

 

 

 

And now the "anti-AMD" part:

 

Other security firms, more specifically Trail of Bits, has confirmed that these vulnerabilities do exist, and there is working code to exploit them. In fact he even went as far as to say "we found their documentation far above average for typical security companies, the exploit code all worked exactly as described, and worked on the first try".

Jake Williams (from Rendition Infosec) has also said that "I'm confident this is real".

 

I think it is laughable that some of you are trying to discredit these findings for reasons such as "they have disabled comments on Youtube". Seriously, are you guys for real? Who the fuck cares when the website was registered, or when the Youtube channel was made? None of that matters. What matters is the information they are providing.

It's like listening to 12 year olds trying to play detectives to throw dirt at someone who took their lunch money. Nobody should give two shits if they use stock images in their video or not because that is irrelevant to whether or not their findings are legitimate.

 

They aren't as irresponsible as you might think. They provided AMD and other firms with the PoC without making it public. That reduces the risk of potential attacks by quite a lot.

 

These exploits do not need physical access. Not even the BIOS flashing ones does (which are 3 of the exploits, the other 10 does not need BIOS modifications).

"Local-machine elevated administration privilege" does not mean local as in physical access. It means local as in, on the computer.
 

Some of these issues are related to ASMedia chips, which have been known to be vulnerable before, although right now it's difficult to find articles about it because everything just brings up these AMD news.

[leadeater]

4 minutes ago, sazrocks said:

On the other hand though, datacenter applications were affected by multiple percent, which is huge for that market.

Well not really, as I said only some specific server applications like haproxy. For the most part we haven't noticed any significant slow down but not to drag this thread in to that conversation again it depends on what mitigations have been enabled because on the server OS not all are on by default like with Windows desktop OS and you don't need them on on all servers.

[Arika]

The bias on this forum never ceases to amaze me. If this was Intel everyone would be losing their collective shit and saying they will be switching, But because it's AMD 

"Oh this is a smear campaign paid for by Intel"

"Fake"

"It's fine it will be fixed"

" It won't affect consumers, only companies"

 

The fuck guys?

[Methos]

This was orchestrated by nVidia. I can't say too much right now but I have proof.

[Dujith]

2 minutes ago, Sierra Fox said:

The bias on this forum never ceases to amaze me. If this was Intel everyone would be losing their collective shit and saying they will be switching, But because it's AMD 

"Oh this is a smear campaign paid for by Intel"

"Fake"

"It's fine it will be fixed"

" It won't affect consumers, only companies"

 

The fuck guys?

I think the problem is the way this was published and looks more like a short sell deal then the Meltdown and other vulnerabilities publications. And its not just here. Everywhere i look (including some die hard Intel fanboy forums  ) i see raised eyebrows on how this is handled. 

[apm]

some more info on the company behind this:

https://www.nytimes.com/reuters/2018/03/12/business/12reuters-prosieben-media-accounts.html

https://www.moneyweb.co.za/in-depth/investigations/viceroy-unmasked/

it could be a front for other investors to publish such documents and shortsell their stocks.

the videos they put out look greensceened with stock pictures.

 

11 minutes ago, LAwLz said:

the exploits might be real but not usable in the wild, if an attacker has admin access and can just flash the bios you have a lot of bigger problems than these exploits.

a whitepaper without any technical details is not meant to protect the public, but to influence stockholders.

these exploits are theoretical, as far as i understand it you cant just mod a bios and flash ryzen motherboards with it.

[Ryujin2003]

3 minutes ago, Methos said:

This was orchestrated by nVidia. I can't say too much right now but I have proof.

Hurry up, I think someone is following you ... They might be listening in on our conversation right now.

[Arika]

2 minutes ago, Dujith said:

I think the problem is the way this was published and looks more like a short sell deal then the Meltdown and other vulnerabilities publications. And its not just here. Everywhere i look (including some die hard Intel fanboy forums  ) i see raised eyebrows on how this is handled. 

I'm not referring to the content of the article. If the exact same article was published with Intel in place of amd the reaction would not be the same, a large large majority of people would just believe it regardless of how it was written simply because it was Intel.

[hobobobo]

2 minutes ago, Sierra Fox said:

I'm not referring to the content of the article. If the exact same article was published with Intel in place of amd the reaction would not be the same, a large large majority of people would just believe it regardless of how it was written simply because it was Intel.

rooting for the underdog has always been a thing, even if the said underdog is a multibillion company

And intel deserves alot of blind hate its getting, even though i seriously doubt not complete fanbois would jump on it considering the quality of material provided

[Razor01]

What if the secure processor was disabled wouldn't that fix most of these problems?

 

If I'm not mistaken, AMD had issues with its secure processor before too.

[hobobobo]

26 minutes ago, apm said:

the exploits might be real but not usable in the wild, if an attacker has admin access and can just flash the bios you have a lot of bigger problems than these exploits.

a whitepaper without any technical details is not meant to protect the public, but to influence stockholders.

these exploits are theoretical, as far as i understand it you cant just mod a bios and flash ryzen motherboards with it.

The scary thing about the exploits is once a system is compromised it needs to be replaced completly since currently there is no way to peek into amd security conclave. Their dribble about it being unfixable is just that untill amd says otherwise, but still having undetectable malware on your system is scary for large-scale users and the potential cost is immense

 

edit: shit phrasing by me, not the whole system but cpu and mobo since chipset and security enclave are vurnerable, and as of now cant be verified to be not compromised in case of a successfull attack

[sazrocks]

28 minutes ago, Sierra Fox said:

The bias on this forum never ceases to amaze me. If this was Intel everyone would be losing their collective shit and saying they will be switching, But because it's AMD 

"Oh this is a smear campaign paid for by Intel"

"Fake"

"It's fine it will be fixed"

" It won't affect consumers, only companies"

 

The fuck guys?

Have you actually looked at the details of this? The sketchiness is pretty crazy.

[Energycore]

~Merged both threads about this news.

[RagnarokDel]

5 hours ago, Coaxialgamer said:

Source (cnet) 

https://www.cnet.com/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its-own/

 

 I honestly don't know what to say, but this is bad. Lets hope a patch comes in quick that doesn't cripple performance. 

This is a hitjob. It's a giant troll that stinks of bribe and defamation.

[Energycore]

26 minutes ago, Sierra Fox said:

I'm not referring to the content of the article. If the exact same article was published with Intel in place of amd the reaction would not be the same, a large large majority of people would just believe it regardless of how it was written simply because it was Intel.

You say that, but do you have an example of this actually happening? When has AMD done something sketchy, but people in LTT written it off? I'd love to see it.

 

1 hour ago, LAwLz said:

And now the "anti-AMD" part:

 

Other security firms, more specifically Trail of Bits, has confirmed that these vulnerabilities do exist, and there is working code to exploit them. In fact he even went as far as to say "we found their documentation far above average for typical security companies, the exploit code all worked exactly as described, and worked on the first try".

Jake Williams (from Rendition Infosec) has also said that "I'm confident this is real".

 

I think it is laughable that some of you are trying to discredit these findings for reasons such as "they have disabled comments on Youtube". Seriously, are you guys for real? Who the fuck cares when the website was registered, or when the Youtube channel was made? None of that matters. What matters is the information they are providing.

It's like listening to 12 year olds trying to play detectives to throw dirt at someone who took their lunch money. Nobody should give two shits if they use stock images in their video or not because that is irrelevant to whether or not their findings are legitimate.

 

They aren't as irresponsible as you might think. They provided AMD and other firms with the PoC without making it public. That reduces the risk of potential attacks by quite a lot.

 

These exploits do not need physical access. Not even the BIOS flashing ones does (which are 3 of the exploits, the other 10 does not need BIOS modifications).

"Local-machine elevated administration privilege" does not mean local as in physical access. It means local as in, on the computer.
 

Some of these issues are related to ASMedia chips, which have been known to be vulnerable before, although right now it's difficult to find articles about it because everything just brings up these AMD news.

The fact that the vulnerabilities are real doesn't take away from the "smear campaign" as we're calling it, as the firm didn't notify AMD with enough time and they seem to have tipped people who talk about stocks.

 

EDIT: I should have read your whole post

1 hour ago, LAwLz said:

The people behind this are unethical and scummy. Chances are they are deliberately trying to lower AMD's stock value. Not sure why though.

About how you can benefit this, there's a kind of stock trading you can do in certain exchanges where the exchange lends you some shares, then you sell them at a high price (sell them "short"), buy them lower, then give them back. Any money made because you bought lower than you sold is your profit. So given that and a bit of Occam's Razor leads me to conclude that this is most likely why they're doing this.

 

Whether or not legitimate or legal, this was done in bad blood imo.

[WkdPaul]

2 hours ago, Digital_Zero said:

*snip*

 

Threads merged

[Blademaster91]

20 minutes ago, sazrocks said:

Have you actually looked at the details of this? The sketchiness is pretty crazy.

Their reply wasn't about the details of the subject but how biased people are being about it,if this was about Intel everyone would be believing it.

Researcher and CEO of Trail of Bits,Dan Guido says all 13 vulnerabilities worked on their first attempt.

https://twitter.com/dguido/status/973628933034991616

26 minutes ago, hobobobo said:

Have you actually looked at the details of this? The sketchiness is pretty crazy.

 

 

 

 

If someone chooses to run all software in admin mode they have a bit more to worry about though yeah it's essentially a "blackbox" since AMD refused to make their secure processor open source so third party security firms could fill any potential holes.

[DoctorWho1975]

Problem is to exploit these you would have to have enough access to pick up the computer and walk away with it. If you have that kind of access, there are more issues. And what about Linux? Considering how much enterprise shit runs on Linux wouldn't you want to exploit it? I'm sure there are companies with EPYC processors, in a data center, who have no windows in their network.

[sazrocks]

7 minutes ago, Blademaster91 said:

Their reply wasn't about the details of the subject but how biased people are being about it,if this was about Intel everyone would be believing it.

Researcher and CEO of Trail of Bits,Dan Guido says all 13 vulnerabilities worked on their first attempt.

https://twitter.com/dguido/status/973628933034991616

I’m not doubting that the vulnerabilities are real. I don’t see any evidence that would point to it being likely that members of this forum would be attacking intel if the situation were reversed.

[Razor01]

2 minutes ago, DoctorWho1975 said:

Problem is to exploit these you would have to have enough access to pick up the computer and walk away with it. If you have that kind of access, there are more issues. And what about Linux? Considering how much enterprise shit runs on Linux wouldn't you want to exploit it? I'm sure there are companies with EPYC processors, in a data center, who have no windows in their network.

 

I haven't read all of the documentation yet, but this seems to be a lower level than the operating system, so any operating system can be affected.

[mr moose]

1 hour ago, LAwLz said:

The statement that these issues are "practically un-patchable" seems to be grabbed out of thin air to me.

 

 

And that right there is the crux of the issue, if they know it was going to be very hard to patch why only give 24 hours. That's a really poor move for everyone except themselves.

 

 

20 minutes ago, Energycore said:

The fact that the vulnerabilities are real doesn't take away from the "smear campaign" as we're calling it, as the firm didn't notify AMD with enough time and they seem to have tipped people who talk about stocks.

 

 

So were are the people calling the HardOCP article a smear campaign against Nvidia?  that one doesn't even have any evidence behind it yet people are taking it as read.

 

The bias is certainly real when it comes to certain users.

[Arika]

21 minutes ago, Energycore said:

You say that, but do you have an example of this actually happening? When has AMD done something sketchy, but people in LTT written it off? I'd love to see it.

.

This thread and the others about spectre

 

I'm just going to quote my self from earlier since I'm not talking about the context of these supposed flaws

 

Quote

I'm not referring to the content of the article. If the exact same article was published with Intel in place of amd the reaction would not be the same, a large large majority of people would just believe it regardless of how it was written simply because it was Intel.

That's my issue. Regardless of if it's real or not, this forum has an air of AMD can do no wrong and Intel can do no right.

 

The whole Spector meltdown debacle when it was announced that the issues were resolved the AMD side of things were along the lines of "yay AMD thank you for doing it so fast" Intel side was more "fuck you, it should never have happen in the first place"

[TechyBen]

Spector =/= Meltdown. Hence the difference. Ahem.

[David89]

Personally, i REALLY would like to know, how and why Dan Guido has said anything at all. Many other Security Experts are saying that pretty much all of that is - at least until now - absolute bullcrap.

 

 

BTW, The much bigger question is: IF there is some merit to the PSP being vulnerable (read: Same problem as Intels ME, that STILL haven't been fixed fully, mind you!) - how can it be possible to bypass the Windows 10 VSM, that Microsoft praised as one of the absolute killer security features? By design it should be impossible to run unprotected code, that isn't hashed correctly by the LSASS.

 

Having to need physical access to the machine is a must in all of those cases, so even IF there are real flaws in the System from "the inside" - what do they matter if the attacker has physical access to your machine?

[Energycore]

Just now, mr moose said:

 

So were are the people calling the HardOCP article a smear campaign against Nvidia?  that one doesn't even have any evidence behind it yet people are taking it as read.

 

The bias is certainly real when it comes to certain users.

For me the biggest tell on this one is that the researchers violated standard procedure on the time given before public disclosure.

 

I'll admit that even though I personally can't find sketchy stuff about the HardOCP article, it is true that sketchy stuff from Intel/Nvidia is more likely to be reported in these forums. It might not be bias for AMD, for me personally it's more of a bad sentiment for companies that clearly don't mind doing shady stuff. If they have the history of doing it, every time they do it is more telling for me.

 

Lest we forget when ATi cheated on Futuremark Benchmarks back in the mid 2000s.

 

Anyway, the point I'm trying to make is that being aware of the bias that these forums and myself have, this still looks sketchy.

 

As I said up there when I quoted @LAwLz, calling them sketchy doesn't take away from the vulnerabilities themselves (that would be an argumentum ad hominem), however it's important to call them out anyway, then look at the vulnerabilities separately. As for the latter, they seem to be unimportant as they require that your computer already be compromised.

Just now, David89 said:

Personally, i REALLY would like to know, how and why Dan Guido has said anything at all. Many other Security Experts are saying that pretty much all of that is - at least until now - absolute bullcrap.

 

BTW, The much bigger question is: IF there is some merit to the PSP being vulnerable (read: Same problem as Intels ME, that STILL haven't been fixed fully, mind you!) - how can it be possible to bypass the Windows 10 VSM, that Microsoft praised as one of the absolute killer security features? By design it should be impossible to run unprotected code, that isn't hashed correctly by the LSASS.

 

Having to need physical access to the machine is a must in all of those cases, so even IF there are real flaws in the System from "the inside" - what do they matter if the attacker has physical access to your machine?

Alright, definitely comforting when someone expert in the matter agrees with one

 

I expect this to die off by thursday.