New security flaws revealed in AMD processors, plus the technique set to revolutionise graphics
AMD PROCESSORS FROM the Ryzen PC and Epyc server range have been found to contain security flaws that open up the CPUs to hacking.
Israeli security firm CTS Labs found a total of 13 flaws, which mostly affect the Secure Processor found in AMD’s CPUs. This is a co-processor that contains and controls a computer’s sensitive data such as encryption keys and passwords.
The bugs were placed into four categories: Ryzenfall, Fallout, Master Key and Chimera, and all could allow a hacker to cause havoc if exploited.
Ryzenfall allows a hacker to infect the Secure Processor with malware that allows access to secured data. With that data the Windows Credential Guard, designed to stop hackers from taking over a network, can be bypassed, allowing for malware to be spread to other connected machines.
Fallout works in a similar fashion but only applies to Epyc processors. It can break the virtualised barriers that segregate a server’s network credentials from other parts of its memory, meaning the flaw could allow servers supporting, say, a cloud service to become riddled with malware.
Master Key allows for malware to bypass the Secure Processor’s firmware and allow it to infect the secure boot process of a computer, which normally checks to make sure a machine hasn’t been fiddled with. By exploiting Master Key, hackers could take control of programs that run at startup and disable other security features on AMD’s processors. Used in conjunction with Ryzenfall, the flaw could allow for data-snooping malware to be installed on a computer and hide from detection while it siphons sensitive information.
The Chimera category provides backdoor vulnerabilities to both CPU hardware and firmware, which could be used to inject malware into the Secure Processor, while remaining undetected by most endpoint security tools and services.
CTS Labs’ researchers noted the flaws in the CPUs could put computers “at considerable risk”, with the scope for hackers to “potentially engage in persistent, virtually undetectable espionage, executed from AMD’s Secure Processor and AMD’s chipset”.
Serious stuff. And the researchers didn’t pull any punches: “It is our view that the existence of these vulnerabilities betrays disregard of fundamental security principles.”
After a week or so of near silence, AMD said it had investigated CTS Labs’ report and confirmed the existence of the flaws, adding that it would push out firmware updates to squash the bugs.
The chipmaker also pointed out that any attackers trying to exploit the flaws would need administrative access to a targeted computer. At that stage, they’d already be in a position to spread malware and chaos through a “wide range of attacks at their disposal” without exploiting the processor flaws.
ON THE SURFACE, this would seem like a straightforward process of identifying flaws and then rolling out fixes, akin to the way Intel, AMD and others tackled the Meltdown and Spectre bugs. But the plot to this tale is a lot thicker.
CTS Labs didn’t give AMD the traditional 90-day deadline to tackle the holes, as is standard practice in the cyber security community. This raised some eyebrows, especially as CTS Labs noted that it had a vested interest in the performance of AMD, suggesting the company held a short position on the chipmaker’s stock, whereby it stood to profit if the share price fell.
Linux founder Linus Torvalds was sceptical about CTS Labs’ actions.
“When was the last time you saw a security advisory that was basically ‘if you replace the BIOS or the CPU microcode with an evil version, you might have a security problem’?” he said.
“I thought the whole industry was corrupt before, but it’s getting ridiculous.”
This was given credence by the aggressive language used in the white paper CTS Labs published, which presented the flaws as a lot more dangerous than they really are, given the need for administrative access before they can be exploited. The legitimacy of CTS Labs itself was also brought into question, as it had popped up out of nowhere in 2017 and was reporting seemingly critical flaws in the processors of an established chipmaker. While CTS Labs’ research was verified by a third party – Dan Guido, of security firm Trail of Bits – it didn’t disclose any technical details of the flaws. CTS Labs said it had kept these quiet to give AMD and Microsoft a chance to work on fixes.
The situation looked to be veering into the realm of tech conspiracy until AMD, which had only said it was looking into the flaws and wasn’t aware of CTS Labs before the report, confirmed the flaws were legitimate.
If you’re running a machine with an AMD Ryzen or Epyc processor, there’s no real cause for concern unless you know dodgy people with admin access to your machine. Make sure you’re set to receive firmware updates from AMD or your PC’s supplier, and don’t take all security reports at face value.