Published: Wed, March 14, 2018
Science | By Joan Schultz

Security Firm Claims AMD Chips Have Critical Vulnerabilities

The 13 different vulnerabilities affect processors found in desktops, laptops, and servers. The vulnerabilities, which are examined at length at TechRepublic's sister site CNET, center around the implementation of the AMD Platform Security Processor (PSP).

"You're virtually undetectable when you're sitting in the secure processor", Luk-Zilberman said of the flaws. It could also disable security features such as fTPM or SEV.

According to CTS-Labs, there are three derivatives of Masterkey, all of which have been proven on Epyc and Ryzen. The researchers said it could take "several months to fix".

A few AMD CPUs are affected by vulnerabilities similar to Spectre and Meltdown, two types of vulnerabilities that affected some Intel processors earlier this year. Ryzenfall and Fallout have been tested on Ryzen, Ryzen Pro, and Epyc; Ryzen Mobile chips are not affected.

The researchers claim the Chimera AMD flaws are due to "poor security practices" by the third-party manufacturers of AMD chips and may have been part of AMD chipsets for the past six years.

Investment firm Viceroy Research published a 25-page report on the issues after the company said it was anonymously emailed a copy of CTS' findings on Monday afternoon. The development of the Ryzen chipset was actually outsourced to a Taiwanese company called ASMedia Technology, according to CTS-Labs.

Masterkey allows malware to bypass the Secure Processor firmware and infiltrate the processor.

AMD has been notified and is looking into the issue: "At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise", an AMD spokesman said.

The disclosure is the first release by Israeli security startup CTS Labs, which was founded last year.

AMD was given 24 hours' notice, even though it is standard procedure to give a company a lot more time.

However, the disclaimer following the advisory states: "Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports".

On the other hand, AMD has neither confirmed nor denied that the exploits mentioned in the report do indeed exist, and has only stated that it is investigating the exploits and prioritizes the security of its customers. Many big names in the security community have criticized the way the Israeli firm discovered and disclosed the flaws.

"Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public afaik), and their exploit code works", he tweeted. According to the report published on Tuesday, hackers can exploit this to run malware and gain direct access to a vulnerable computer.

"The vulnerabilities allow malicious actors to install persistent malware inside the Secure Processor, running in kernel-mode with the highest possible permissions", the researchers wrote.

In a statement to Techpowerup, the firm said that it has sent out a "complete research package" to AMD, Microsoft, HP, Dell, Symantec, FireEye, and Cisco Systems, which includes full technical write-ups about the vulnerabilities and functional proof-of-concept exploit code, along with instructions detailing how to recreate the exploits.
