Flaws in AMD chips make hacks worse


By exploiting the FALLOUT flaws, attackers could steal network credentials protected by the Windows Credential Guard and could disable BIOS flashing protections, allowing for the exploitation of the MASTERKEY flaws on systems where BIOS flashing is blocked, CTS Labs said. However, the short disclosure time means that AMD itself is still trying to confirm whether the vulnerabilities are real. "This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings", said the statement. But to be clear, the vulnerabilities may indeed be legit.

Third-party researchers said the flaws are genuine, with New York-based Trail of Bits saying it had verified CTS' findings under an arrangement for which Reuters reports CTS paid $16,000 (£11,500).

The allure of wall-to-wall coverage from technology media, particularly after high-profile, highly produced vulnerability disclosures such as Meltdown and Spectre, Heartbleed, and POODLE, may be attracting groups with ulterior motives. The highly irregular release of a series of exploits affecting AMD's EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile processors is a case in point.

The most serious flaw deals with a security protection built into the processors. CTS-Labs says the malicious actor first needs to have admin access to the device.

All of the described attacks require hackers to first gain the ability to execute malicious code on affected AMD systems with administrative privileges.

Appropriate to its name, Ryzenfall affects Ryzen chipset products from AMD.

Fortunately, there is some good news.

The vulnerabilities require root-level operating system access to exploit and could allow attackers to access sensitive information. This can be done if the attacker can trick you into installing some malware.

A high-level description of the flaws has been published on a website and in a white paper by researchers from a little-known security company called CTS-Labs, but the full technical details haven't been released yet. Withholding them will help prevent hackers from exploiting the flaws. "Producing a workaround may be hard and cause undesired side-effects". The 33-page document itself raises questions, as it was published within hours of the disclosure by CTS.

"Firmware vulnerabilities such as Masterkey, Ryzenfall and Fallout take several months to fix". Chimera specifically goes after the Promontory chipset, which was created by ASMedia rather than by AMD directly, and CTS cites security issues ASMedia has had in the past as the basis for this vulnerability. According to CTS Labs, it has still not heard anything from AMD, and researchers claim it could take months to fix the vulnerabilities, notes CNET. The company's website provides no details on the affected microcode, information that is standard in other security disclosures. "In particular, we urge the community to pay closer attention to the security of AMD devices". Jon Bottarini, a technical program manager at bug bounty program provider HackerOne, said the incident has been a case study in "what not to do" when it comes to reporting security vulnerabilities.

Researchers at CTS Labs issued a security advisory on vulnerabilities inside processors made by Advanced Micro Devices (AMD) just 24 hours after notifying the company.

The vulnerabilities were disclosed on Tuesday by CTS Labs. Also, the report that was made public lacked proof-of-concept for the security exploits. "This situation should not be happening", wrote Kevin Beaumont, a UK-based security expert, in a blog post.