AMDFlaws.com reports multiple CPU Attack Vectors and Vulnerabilities

AMDFlaws.com reports multiple flaws in AMD CPUs. The question is whether the page can be trusted as a source. I believe so and take it seriously, but I want to add right here and now that I have my doubts about the entire background of this story.

AMDFlaws Homepage

Overview

The AMDFlaws.com domain was registered with GoDaddy on 22 February 2018, and the ownership of this particular domain is hidden by Domains By Proxy, LLC. It’s questionable why a so-called security company hides its domain ownership. The researchers gave AMD less than 24 hours to look at the vulnerabilities and respond before publishing the report, which is extremely short: responsible disclosure usually calls for at least 90 days’ notice, so that companies have time to address flaws properly.

AMD Secure Technology Chart

Behind all this is an Israeli cyber security research firm with six employees. Checking their page reveals some interesting information, for example that their phone number (+1-585-233-0321) is a New York one. There are other findings, mentioned later in this article, which made me and the community skeptical about the entire story.

AMDFlaws.com

4 Vulnerabilities

  • Master Key – allegedly leverages “multiple vulnerabilities” in the Secure Processor that can infiltrate AMD’s Secure Encrypted Virtualization (SEV) and Firmware Trusted Platform Module (fTPM). Masterkey attacks could allow an attacker to permanently damage Zen-based hardware. Masterkey affects Ryzen, Ryzen Pro, Ryzen Mobile and EPYC.
  • Ryzenfall – leverages vulnerabilities in the Secure Processor, giving access to protected memory areas including SMRAM and the isolated memory for Windows Credential Guard. With escalated privileges, malicious code can be injected to take full control of the Secure Processor, bypass Windows Credential Guard, and gain access to passwords and even encryption keys.
  • Fallout – has a similar attack pattern and threat vectors to Ryzenfall, including gaining access to SRAM and Windows Credential Guard. However, an added wrinkle is that it can bypass protections that are in place on certain systems to prevent the BIOS from being overwritten.
  • Chimera – takes advantage of two backdoors reportedly found in the supporting Ryzen chipset via hardware and another one directly in the firmware. Given that the chipset serves as the central staging area for Wi-Fi, Bluetooth, Network, PCI-E, and USB traffic (among others), attackers can install malware in the chipset to perform man-in-the-middle attacks with a keylogger. Chimera affects Ryzen and Ryzen Pro.
Picture Source: CTS-Labs

There are not many details given, except that all 4 flaws need administrative privileges to be executed. The whitepaper doesn’t explain much and was criticized all over the place on Twitter.

Vulnerabilities Map
Picture Source: CTS-Labs

Some people actually tried the code and it seems to run, which means it might be real.

AMD is taking action

At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report which we just received, to understand the methodology and merit of the findings.


AMD

At this point it’s unclear how long it will take to fix these issues in AMD’s processors, since properly analyzing the flaws and finding ways to fix them takes more time.

Fake or not?

There are several claims that this could all be a big hoax; however, the code seems to run and was tested by Jake Williams (Twitter link). Usually this alone is proof that it is legit.

The following strange parts are found:

  1. The video seems to have been made with a green screen.
  2. The Israeli company uses a New York phone number.
  3. The domain owner was obfuscated.
  4. The research company gave AMD only 24 hours.
  5. Possible stock market manipulation.
  6. Trademark name for one vulnerability, ‘Ryzenfall’. Usually no one does this.
  7. The insecure HTTP cts-labs page points to a newly created HTTPS AMDFlaws.com page.
  8. According to Dan Guido the story is made up. He is not the only one, but to name a bigger person here I listed him.
  9. Unprofessional whitepaper which does not give as many details as it should.
  10. Confusing statements within the disclaimer.
  11. Removed LinkedIn profile with the same name: CTS Labs – Financial Officer (CFO), Yaron Luk-Zilberman.
The flaw is discussed on /r/Amd on reddit. Picture Source: Reddit.com via Imgur

Some people do have serious doubts, including myself, to be perfectly honest. The domain hides some important information, and according to this screenshot it could all have been made up. The whitepaper is really unprofessional, and CTS Labs gave AMD no proper time to analyze the 4 flaws.

It’s also worth saying here that the registered domain of CTS-Labs points to AMDFlaws.com.
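Several of the red flags listed above (a domain registered only weeks earlier, a registrant hidden behind a privacy proxy, a plain-HTTP company site that redirects to a freshly created domain) are things a defender can check mechanically before deciding how much weight to give a disclosure site. The following Python script is an added example, not code from the post or from CTS-Labs: it parses a WHOIS-style record and a raw HTTP response and reports those three indicators. The WHOIS text and the HTTP headers are constructed samples that mirror the facts the post cites (the creation timestamp and the header lines are made up), the 90-day “recently registered” threshold and the list of privacy-proxy names are my own assumptions, and the check date passed to the functions is an assumed value.

```python
"""Triage indicators for a newly appeared vulnerability-disclosure site.

Added example; the WHOIS record and HTTP response below are constructed.
"""
import re
from datetime import date
from urllib.parse import urlsplit

# Constructed WHOIS-style record: registrar, creation date and the
# privacy-proxy registrant follow the post, the timestamp is made up.
SAMPLE_WHOIS = """\
Domain Name: AMDFLAWS.COM
Registrar: GoDaddy.com, LLC
Creation Date: 2018-02-22T00:00:00Z
Registrant Organization: Domains By Proxy, LLC
Registrant Country: US
"""

# Constructed raw response of the plain-HTTP company site, redirecting
# to the separately registered HTTPS disclosure domain.
SAMPLE_HTTP_RESPONSE = (
    "HTTP/1.1 301 Moved Permanently\r\n"
    "Location: https://amdflaws.com/\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

# Assumption: substrings typical of WHOIS privacy services (illustrative list).
PRIVACY_PROXIES = ("domains by proxy", "whoisguard", "privacy", "proxy", "redacted")

# Assumption: a domain younger than this is treated as "recently registered".
RECENT_DAYS = 90


def parse_whois(text):
    """Parse 'Key: value' WHOIS lines into a dict keyed by lowercase field name."""
    record = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        record[key.strip().lower()] = value.strip()
    return record


def creation_date(record):
    """Return the creation date as a date, accepting YYYY-MM-DD or full ISO 8601."""
    match = re.match(r"(\d{4})-(\d{2})-(\d{2})", record.get("creation date", ""))
    if not match:
        return None
    return date(*map(int, match.groups()))


def domain_age_days(record, as_of_iso):
    """Days between the creation date and the check date (None if no date found)."""
    created = creation_date(record)
    if created is None:
        return None
    return (date.fromisoformat(as_of_iso) - created).days


def registrant_hidden(record):
    """True when the registrant organisation looks like a WHOIS privacy service."""
    org = record.get("registrant organization", "").lower()
    return any(tag in org for tag in PRIVACY_PROXIES)


def parse_redirect(response):
    """Return (status code, hostname of the Location header) from raw HTTP headers."""
    head = response.partition("\r\n\r\n")[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            return status, urlsplit(value.strip()).hostname
    return status, None


def redirects_off_host(response, origin_host):
    """True when a redirect sends the visitor to a host other than the one queried."""
    status, target = parse_redirect(response)
    return status in (301, 302, 307, 308) and target is not None and target != origin_host.lower()


def assess(whois_text, http_response, origin_host, as_of_iso):
    """Combine the three indicators into one result dict."""
    record = parse_whois(whois_text)
    age = domain_age_days(record, as_of_iso)
    return {
        "age_days": age,
        "recently_registered": age is not None and age < RECENT_DAYS,
        "registrant_hidden": registrant_hidden(record),
        "offhost_redirect": redirects_off_host(http_response, origin_host),
    }


if __name__ == "__main__":
    # "2018-03-13" is an assumed check date for the sample run.
    for key, value in assess(SAMPLE_WHOIS, SAMPLE_HTTP_RESPONSE, "cts-labs.com", "2018-03-13").items():
        print(f"{key}: {value}")
```

None of these indicators proves anything on its own (privacy proxies and young domains are common for legitimate sites too); the point is that they are cheap to collect and worth recording alongside the claims themselves.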

Market manipulation?

A good explanation would be that such a hoax was created to manipulate the stock, but that is only my guess right now. And it seems I’m not the only one who thinks this way.

First Conclusion

There are some people saying it’s faked and others, who really inspected its source, saying it’s real. I will update this story as more information comes in and as AMD reports back to us with findings based on serious research and not only on community guessing.

Update & Final Conclusion

The AMDFlaws story is real and not a hoax; it has been confirmed by several independent security researchers.

It seems a failed attempt was made to manipulate the stock market, just as I said in the initial post. However, the threat itself is real and we need to wait until everything is discovered here and until AMD, ASMedia & Co. finally respond to it, which usually takes several months because auditing and testing this takes time and no one likes to rush something and spread possibly false information.

I think what we (once again) learned is that people do everything for money, even shady things like this. However, I’m thankful that this story was quickly debunked and that the real information has already landed at AMD for inspection. We will see how AMD handles it and whether there is more to say on the details than the pointless whitepaper released by CTS-Labs.

Source

  • Severe Security Advisory on AMD Processors (safefirmware.com [PDF])
  • Security firm discloses range of Ryzen, Epyc, and AMD chipset vulnerabilities (techreport.com)
  • Assassination Attempt on AMD by Viceroy Research & CTS Labs, AMD “Should Be $0” (gamersnexus.net)
  • AMD Processors And Chipsets Reportedly Riddled With New Ryzenfall, Chimera And Fallout Security Flaws (Updated) (hothardware.com)
  • AMD’s Ryzen, Epyc security co-processor and chipset have major flaws, researchers claim (pcworld.com)
  • RESEARCHERS POINT TO AN AMD BACKDOOR—AND FACE THEIR OWN BACKLASH (wired.com)
  • After short-selling surge, Israeli firm says it finds AMD chip flaw (reuters.com)
  • Researchers Say AMD Processors Have Serious Vulnerabilities and Backdoors (motherboard.vice.com)
  • CTS-Labs Details Potential AMD Security Vulnerabilities (pcper.com)

  • AMD allegedly has its own Spectre-like security flaws (cnet.com)
  • Alleged AMD Zen Security Flaws Megathread (reddit.com/r/amd)
  • AMDFlaws Legal Disclaimer (amdflaws.com)

  • Arrigo Triulzi‏ via Twitter (twitter.com)
  • Josh Walrath‏ via Twitter (twitter.com)
  • Jake Williams‏ via Twitter (twitter.com) – he says it’s real
  • Linus Torvalds reaction on Google+ (plus.google.com)
  • Dan Guido via Twitter (twitter.com)
  • CTS-Labs.com (yep, no HTTPS!) (cts-labs.com)
  • Tavis Ormandy via twitter (twitter.com)
  • AMD And CTS Labs: A Story Of Failed Stock Manipulation (seekingalpha.com)