AMD Security

AMD Vs. CTS-Labs – Topic Closed

AMD responded in a community post what’s really behind the claims from CTS-Labs – AMD makes it very clear that the issues identified by CTS-Labs research have very less to do with Meltdown & Spectre security holes, but there also telling us that these are associated with the firmware that manages the AMD Secure Processor (PSP) – similar to Intel’s ME. The chipset used in some AM4 and TR4 motherboards as well as others are getting a firmware patches (BIOS updates) for this.


AMD Confirms CTS-Labs Exploits

AMD Notes that all issues raised in the CTS-Labs report require administrative access to the machine in order to implement and this isn’t a surprise and already well known. This means you can’t abuse anything unless you already have the full control over the PC.

Firmware patches planned

AMD will release in the near future a firmware patch that will be available via a normal BIOS update. This will not have any impact on your PC performance (not like Spectre). An article on PCPer & AnandTech showing more details on what exactly will be patched here.

CTS-Labs with more information (but still unable to respond)

CTS-Labs released a YouTube video to demonstrate the Proof-of-Concept (PoC). However, the comments for this video are disabled and there not talking with everyone about their findings which is suspect, it’s also questionable why they released their video not earlier – now after some pressure we at least got ‘something’.

There Masterkey 1 POC shows how they’re installing a modified BIOS on a TYAN motherboard which causes screen-flickering during the process.

CTS Labs told us that it bucked the industry-standard 90-day response time because, after it discussed the vulnerabilities with manufacturers and other security experts, it came to believe that AMD wouldn’t be able to fix the problems for “many, many months, or even a year.”


Initial AMD Technical Assessment of CTS Labs Research

On March 12, 2018, AMD received a communication from CTS Labs regarding research into security vulnerabilities involving some AMD products. Less than 24 hours later, the research firm went public with its findings. Security and protecting users’ data is of the utmost importance to us at AMD and we have worked rapidly to assess this security research and develop mitigation plans where needed. This is our first public update on this research, and will cover both our technical assessment of the issues as well as planned mitigation actions.

The security issues identified by the third-party researchers are not related to the AMD “Zen” CPU architecture or the Google Project Zero exploits made public Jan. 3, 2018. Instead, these issues are associated with the firmware managing the embedded security control processor in some of our products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.

As described in more detail below, AMD has rapidly completed its assessment and is in the process of developing and staging the deployment of mitigations. It’s important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings. Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research. Further, all modern operating systems and enterprise-quality hypervisors today have many effective security controls, such as Microsoft Windows Credential Guard in the Windows environment, in place to prevent unauthorized administrative access that would need to be overcome in order to affect these security issues. A useful clarification of the difficulties associated with successfully exploiting these issues can be found in this posting from Trail of Bits, an independent security research firm who were contracted by the third-party researchers to verify their findings.

Mark Papermaster,
Senior Vice President and Chief Technology Officer

Final Conclusion

CTS-Labs claims a lot on most of the things there trying to say is garbage, an exploit which needs already full access to the machine is not an exploit it’s like saying I got the keys from your house and then I can do some damage with that. The good thing is that none of mentioned issues are Zen CPU specific. AMD confirms it’s related to the PSP and ASMedia chipsets which I see more critical here since this is not so easy to patch especially because more systems are affected here.

CTS-Labs are unprofessional ‘kids’ and they have tried to get more attention on their findings than they really deserved. They got their 5 minutes attention and now it’s over AMD releases some patches (and yes faster than within one year!) and that’s the end of their story.

ASMedia has bigger issue in my opinion but on the other side nothing is unfixable if you want to fix it. I think these guys are also not sleeping right now and watching CTS-Labs like the rest of the world.

I think the real reason is that these guys still tried to manipulate the stock market in order to make quickly some money and now there trying to cover this with an exploit which is not really an exploit – but this is only my guess.