News Round-up

Computer Shopper

New security flaws revealed in AMD processors, plus the technique set to revolutionise graphics


AMD PROCESSORS FROM the Ryzen PC and Epyc server range have been found to contain security flaws that open up the CPUs to hacking.

Israeli security firm CTS Labs found a total of 13 flaws, which mostly affect the Secure Processor found in AMD’s CPUs. This is a co-processor that contains and controls a computer’s sensitive data such as encryption keys and passwords.

The bugs were placed into four categories: Ryzenfall, Fallout, Master Key and Chimera, and all could allow a hacker to cause havoc if exploited.

Ryzenfall allows a hacker to infect the Secure Processor with malware that allows access to secured data. With that data the Windows Credential Guard, designed to stop hackers from taking over a network, can be bypassed, allowing for malware to be spread to other connected machines.

Fallout works in a similar fashion but only applies to Epyc processors. It can break the virtualised barriers that segregate a server’s network credentials from other parts of its memory, meaning the flaw could allow servers supporting, say, a cloud service to become riddled with malware.

Master Key allows for malware to bypass the Secure Processor’s firmware and allow it to infect the secure boot process of a computer, which normally checks to make sure a machine hasn’t been fiddled with. By exploiting Master Key, hackers could take control of programs that run at startup and disable other security features on AMD’s processors. Used in conjunction with Ryzenfall, the flaw could allow for data-snooping malware to be installed on a computer and hide from detection while it siphons sensitive information.

The Chimera category provides backdoor vulnerabilities to both CPU hardware and firmware, which could be used to inject malware into the Secure Processor, while remaining undetected by most endpoint security tools and services.

CTS Labs’ researchers noted the flaws in the CPUs could put computers “at considerable risk”, with the scope for hackers to “potentially engage in persistent, virtually undetectable espionage, executed from AMD’s Secure Processor and AMD’s chipset”.

Serious stuff. And the researchers didn’t pull any punches: “It is our view that the existence of these vulnerabilities betrays disregard of fundamental security principles.”

After a week or so of near silence, AMD said it had investigated CTS Labs’ report and confirmed the existence of the flaws, adding that it would push out firmware updates to squash the bugs.

The chipmaker also pointed out that any attackers trying to exploit the flaws would need administrative access to a targeted computer. At that stage, they’d already be in a position to spread malware and chaos through a “wide range of attacks at their disposal” without exploiting the processor flaws.


ON THE SURFACE, this would seem like a straightforward process of identifying flaws then rolling out fixes, akin to the way Intel, AMD and others tackled the Meltdown and Spectre bugs. But the plot to this tale is a lot thicker.

CTS Labs didn’t give AMD the traditional 90-day deadline to tackle the holes, as is the standard way of the cyber security community. This raised some eyebrows, especially as CTS Labs noted that it has a vested interest in the performance of AMD, which suggested the company had a short position on the chipmaker’s stocks whereby it stands to profit if the company’s share price falls.

Linux founder Linus Torvalds was sceptical about CTS Labs’ actions.

“When was the last time you saw a security advisory that was basically ‘if you replace the BIOS or the CPU microcode with an evil version, you might have a security problem’?” he said.

“I thought the whole industry was corrupt before, but it’s getting ridiculous.”

This was given credence in the aggressive language used in the white paper CTS Labs published, which presented the flaws as a lot more dangerous than they really are, given the need for administration access before they can be exploited. And the legitimacy of CTS Labs itself was brought into question, as it had popped up out of nowhere in 2017 and was reporting on seemingly critical flaws in the processors of an established chipmaker. While CTS Labs’ research was verified by a third party – Dan Guido, of security firm Trail of Bits – it didn’t disclose any technical details of the flaws. CTS Labs said it has kept this quiet to give AMD and Microsoft a chance to work on fixes.

The situation looked to be veering into the realm of tech conspiracy until AMD, which had only said it was looking into the flaws and wasn’t aware of CTS Labs before the report, revealed the flaws were legitimate.

If you’re running a machine with an AMD Ryzen or Epyc processor, there’s no real cause for concern unless you know dodgy people with admin access to your machine. Make sure you’re set to receive firmware updates from AMD or your PC’s supplier, and don’t take all security reports at face value.
