Over a dozen vulnerabilities found in the architecture of AMD processors!
Specialists from the Israeli company CTS-Labs have announced the discovery of thirteen vulnerabilities in the architecture of AMD processors which, they claim, could allow an attacker to compromise the CPU and gain access to sensitive data. Both the information itself and the way it was published have, however, aroused considerable controversy.
A dozen or so hours after CTS-Labs presented the results of its investigation, it can be said with some confidence that the vulnerabilities in AMD processors are real. This is confirmed by a website specializing in cybersecurity, which notes, however, that exploiting them requires physical access, administrator rights and digitally signed drivers. Most computer users should therefore not be exposed unless they have already handed unauthorized parties access to their machines. The controversy concerns the way the findings were presented, which is decidedly not in line with generally accepted standards: CTS-Labs gave AMD only 24 hours to react instead of the usual 90 days. Some facts about the Israeli company and the events surrounding the announcement are also suspicious, for example a report confirming the existence of the vulnerabilities appearing one hour after CTS-Labs presented its results. None of this changes the fact that the threat exists, even if it is unlikely to be used against owners of computers with AMD processors who maintain basic security practices.
The announcement of the Meltdown and Spectre vulnerabilities, which mainly concerned Intel processors, outraged owners of the affected equipment, that is, anyone with a computer containing the company's chips manufactured after 1995. AMD largely deflected the threat, arguing that the architecture of its processors does not allow these flaws to be exploited in practice. It turns out, however, that the "red" camp's turn has also come, and sooner than anyone expected.
Specialists from CTS-Labs have just presented the results of their research, in which thirteen security holes were found in AMD processors from the EPYC, Ryzen Mobile, Ryzen Pro and Ryzen families, and thus in all processors based on the AMD Zen architecture. To make diagnosis and the attack paths easier to describe, the researchers divided them into four groups that differ in what access to data they provide.
Four groups of threats
The first is Chimera. The vulnerabilities in this group rely on "holes" in the firmware of the chipset's network controllers, allowing an attacker with wireless Internet access to get inside the X370 chipset and from there load arbitrary malware into the PC. The second group is Fallout, which applies only to EPYC processors used in server solutions. The flaw allows, among other things, quick access to the System Management RAM (SMRAM) region protected by the CPU, which in turn gives an attacker a foothold in the server's network. Attacks through the Ryzenfall vulnerabilities look quite similar and concern the processors of the three Ryzen families. Here too the target is System Management RAM, but this time the flaw lets the attacker shift control of that memory from the RAM modules on the board to the memory controller inside the processor itself; once that protection is broken, the way into the CPU is open. The last group, Masterkey, concerns both Ryzen and EPYC processors. In this case it is enough to load malware into the BIOS to disable the Secure Boot function, which verifies the integrity and security of the computer during startup. A successful attack of this kind leads straight to control over the system boot process.
Controversy related to the publication of the report
As it turns out, the circumstances of the disclosure are quite suspicious. All four groups have one thing in common: to exploit these vulnerabilities the attacker must already have administrator rights. As David Kanter, an expert at Real World Technologies, put it: "it's like someone broke into the house and set up cameras to track the residents' movements without wreaking havoc." In the technology industry there is also a generally accepted rule that details of vulnerabilities are published 90 days after the manufacturer has been informed, giving it the opportunity to fix them. In this case not even 24 hours passed, so CTS-Labs' incredible hurry in disclosing these revelations is puzzling.
The errors found by the Israeli researchers were also not assigned CVE identifiers, which is standard practice when serious vulnerabilities are reported. Many also doubt CTS-Labs' intentions: the threat report includes a note stating that the company "may have a direct or indirect economic interest related to the quality of security of companies that are the subject of this report." The company's website says it was founded in 2017, while its LinkedIn profile mentions 16 years of experience in cybersecurity work. There are, in other words, a lot of inconsistencies. In addition, to date no online outlet has cited any previous achievements of the Israeli company.
Internet users also noticed that the YouTube channel on which the video presenting the findings was published had been created only three days earlier, and that the second video, in which CTS-Labs employees make their statements, was prepared very carelessly, using a green screen and publicly available photos taken from the web. The company's competence is further undermined by a rather curious detail: an enterprise dealing in network security apparently cannot take care of its own. The CTS-Labs website does not use the encrypted HTTPS protocol, which has long been the standard.
The report from Viceroy Research was also meant to corroborate the Israeli researchers' findings; the 25-page document was published an hour after CTS-Labs' revelations, which raises the suspicion that the two companies must have cooperated. In addition, a representative of the company responsible for the second report was scheduled to appear on a CNBC television program about the vulnerabilities in AMD processors, but the interview was canceled for unknown reasons.
The company from Sunnyvale has already issued a statement in which it says that "information obtained from CTS-Labs is being actively analyzed, and the priority is to eliminate any threats as soon as possible and ensure the security of its processors." Time will tell what steps AMD takes in the longer term, because the story is still developing.