13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors

Discussion in 'AMD Processors' started by ir0nw0lf, Mar 13, 2018.

  1. ir0nw0lf

    ir0nw0lf [H]ardness Supreme

    Messages:
    6,032
    Joined:
    Feb 7, 2003
    Just saw this over at TPU:

    https://www.techpowerup.com/242328/...d-in-amd-zen-architecture-including-backdoors

    First two paragraphs:
     
  2. Chimpee

    Chimpee Gawd

    Messages:
    995
    Joined:
    Jul 6, 2015
    I read that on CNET, dick move on CTS-Labs giving AMD 24 hours to address it. Reading from CNET, seems like a lot of the issue is a PEBKAC.
     
    Algrim likes this.
  3. DeChache

    DeChache The ONE - Your Ignorance Annoys Me

    Messages:
    6,705
    Joined:
    Oct 30, 2005
    From what I've read this is a smear job by a shell company. There are no CVEs; the whitepaper is incredibly vague. It includes groundbreaking issues such as allowing somebody rights to flash firmware is bad and someone with admin rights can steal information.

    I won't go as far as saying this isn't true but I will say there is something fishy about all of this.
     
    Vader1975, Darth Kyrie and griff30 like this.
  4. Deke

    Deke 2[H]4U

    Messages:
    2,123
    Joined:
    Jun 23, 2000
    Well, this is a bit of a shocker.

    Website: amdflaws.com

    Link to white paper: https://safefirmware.com/amdflaws_whitepaper.pdf

    Viceroy Research Report: AMD - The Obituary. https://viceroyresearch.org/2018/03/13/a...-obituary/

    Viceroy also states that their price target for AMD is $0. Stock unmoved so far by this.


    I’m more than a bit sceptical. We’ll see how this plays out.

    Edit: Apparently AMD was given 24 hours notice. I don't recall ever seeing anything like this before. Something seems off about this, to say the least.
     
    Last edited: Mar 13, 2018
  5. Dermac

    Dermac Limp Gawd

    Messages:
    151
    Joined:
    May 6, 2005
    Cool, any guesses for how long it takes for the League of Intel Evangelists to chime in?
     
    Darth Kyrie and griff30 like this.
  6. DeChache

    DeChache The ONE - Your Ignorance Annoys Me

    Messages:
    6,705
    Joined:
    Oct 30, 2005
    I honestly think somebody is trying to buy out AMD and this is an effort to tank their value for a hostile takeover.
     
    Vader1975 and griff30 like this.
  7. Perilous

    Perilous Gawd

    Messages:
    966
    Joined:
    Oct 10, 2009
    Nvidia after the fallout from GPP.
     
    Vader1975 and griff30 like this.
  8. somebrains

    somebrains Limp Gawd

    Messages:
    370
    Joined:
    Nov 10, 2013

    A move like that would be dumber than keying a black and white in front of a police station.

    It's easy to track, and different details would be trampling each other to take jurisdiction over the case.

    You get a softball in the bag like that for a promotion over your explicitly stated top pay grade.
     
  9. Montu

    Montu [H]ard DCOTM x4

    Messages:
    7,633
    Joined:
    Apr 25, 2001

    If I were a betting man I'd say it will take about as long as it took the ADF to show up when Meltdown hit the streets.
     
    Hakaba likes this.
  10. griff30

    griff30 I Lower the Boom!

    Messages:
    8,604
    Joined:
    Jul 15, 2000
    Fake News.
    Those Codes ALL need local access.
    MEANING : You let them on your computer physically on your keyboard.

    So yeah it's like they "caught" someone fucking their wife:
    Only the cucks encouraged the guy and they drugged the wife.
     
  11. _mockingbird

    _mockingbird Gawd

    Messages:
    614
    Joined:
    Feb 20, 2017
  12. Nobu

    Nobu [H]ard|Gawd

    Messages:
    1,830
    Joined:
    Jun 7, 2007
    Yeah, read this the other day. I'm keeping my eyes open for more details, but I imagine AMD will remain tight lipped (other than "they're looking into it") until they find anything and determine if a solution is available and workable.
     
  13. bobzdar

    bobzdar [H]ard|Gawd

    Messages:
    1,427
    Joined:
    Jun 6, 2003
    Any coincidence these guys are located in the same place a major Intel R&D site is?
     
    Darth Kyrie, cpuspeed and griff30 like this.
  14. griff30

    griff30 I Lower the Boom!

    Messages:
    8,604
    Joined:
    Jul 15, 2000
    More like ignore it as it is only a problem if a company is run by fucktards that allow ex-employees to keep admin access to their servers.



    It's a nothing burger.
     
  15. _mockingbird

    _mockingbird Gawd

    Messages:
    614
    Joined:
    Feb 20, 2017
  16. Nobu

    Nobu [H]ard|Gawd

    Messages:
    1,830
    Joined:
    Jun 7, 2007
    They still have an obligation to investigate the claims in order to protect their shareholders, and possibly their customers.
    Sounds like grounds for an insider trading lawsuit, though not being a lawyer, I don't know precedent for such a case.
     
  17. NKD

    NKD [H]ardness Supreme

    Messages:
    6,461
    Joined:
    Aug 26, 2007
    Is this shit even legal? They got an anonymous email about this and they took a short position? Fuckin looks like insider trading to me. Maybe they went around it but all this is shady as fuck. Seems like shit is so funded by pro Intel crowd, not to mention Intel is big in Israel. Oh yea give someone access to your computer and then complain about getting hacked? That's what this is about? ROFL!
     
    griff30 likes this.
  18. Gideon

    Gideon [H]ard|Gawd

    Messages:
    1,604
    Joined:
    Apr 13, 2006
    Yet that is likely what happened. Someone tried to manipulate the stock market through a sham company.
     
    cpuspeed and griff30 like this.
  19. NKD

    NKD [H]ardness Supreme

    Messages:
    6,461
    Joined:
    Aug 26, 2007
    ROFL. Look at the way they word things.

    AMD Ryzen Chipset
    Outsourced Chip Design Contains Backdoors


    Clearly they are wording it so as to diminish them. I mean it's not like Intel doesn't outsource, right? Rofl. They could have been more professional and said chip design contains backdoor. Haha
     
  20. Mav451

    Mav451 [H]ardness Supreme

    Messages:
    4,365
    Joined:
    Jul 23, 2004
    This seems almost too easy. If there's such a universal rebuttal in the hardware community, why bother with the ruse at all?
     
    griff30 likes this.
  21. Nobu

    Nobu [H]ard|Gawd

    Messages:
    1,830
    Joined:
    Jun 7, 2007
    If they're based outside the US, then legal action (by a US entity) becomes more tricky. There is a possibility that no legal action will be taken, in which case they stand to earn great profits from the inevitable bump such a story would make in the stock price (down, and then back up as it recovered, in this case). Probably worst case, their puppet company gets sued for all they're worth, and they break even (minus operating costs). That's the most obvious motive, and it appears that various circumstances support the theory.
     
    OrangeKhrush likes this.
  22. Gideon

    Gideon [H]ard|Gawd

    Messages:
    1,604
    Joined:
    Apr 13, 2006
    Cause a small reaction in stock price before the media can correct it, could possibly turn into millions on short sales.
     
  23. {NG}Fidel

    {NG}Fidel [H]ardness Supreme

    Messages:
    6,354
    Joined:
    Jan 17, 2005
    fucking wow...
    and requires root access... Don't get me wrong, patch it if true, but that's not really vulnerable at that point if you are fucking root.
     
    Darth Kyrie likes this.
  24. _mockingbird

    _mockingbird Gawd

    Messages:
    614
    Joined:
    Feb 20, 2017
    Well, here is something:

    The company changed its name from Flexagrid Systems Inc. to Catenoid Security then to CTS-Labs

     
  25. OrangeKhrush

    OrangeKhrush [H]ard|Gawd

    Messages:
    1,320
    Joined:
    Dec 15, 2016
    Basically everyone is calling this one BS, seems like ulterior motives at play here. List intrusions that are possible on any system that is hacked, welcome to the world of cyber crimes.

    The last time I saw anything this shady it was Discovery's Shark Week hoopla on Megalodon sightings that was by a FUD specialist repeated over and over; Discovery bit the bullet and called it a lie.

    The lack of detail is astounding, and we are to believe guys that use green screens to fake an office. Cool story.
     
    Master_shake_ and griff30 like this.
  26. deton8

    deton8 Limp Gawd

    Messages:
    313
    Joined:
    Sep 27, 2007
    This scheme seems of dubious legality.
     
  27. pfc_m_drake

    pfc_m_drake [H]ard|Gawd

    Messages:
    1,120
    Joined:
    Jan 7, 2004
    Well, let's be fair. There was the whole 'vaccines cause autism' thing.

    Ultimately I'd like to know (soon) whether there are any real vulnerabilities that I need to be concerned with, since I just built 3 Ryzen APU based HTPCs. Sounds like probably not, but the real 'news' (if any) is getting washed away by the stock manipulation/short sale/hostile takeover aspect.
     
  28. OrangeKhrush

    OrangeKhrush [H]ard|Gawd

    Messages:
    1,320
    Joined:
    Dec 15, 2016
    You can assume there are probably intrusions linked to Spectre-based breaks; however, these are addressed regularly by all parties. This is a pure laughable attempt at sabotage. I would bring them to book and squeeze them while under oath in the dock, this will be uncovered to be an elaborate scheme.

    Viceroy have a history of sabotage recently in my Country so I would be very cautious about this type of article and their sources are shocking to say the least.
     
    Darth Kyrie and pfc_m_drake like this.
  29. sirmonkey1985

    sirmonkey1985 [H]ard|DCer of the Month - July 2010

    Messages:
    20,329
    Joined:
    Sep 13, 2008
    lol I remember that shit (almost all the information from that was taken word for word out of the book called "Meg" which was a great book to begin with) and then Discovery did it again recently with the Amelia Earhart shit and realized it was totally fake when someone found the original photo the whole show was based on so they cut the series short.
     
    OrangeKhrush likes this.
  30. cpuspeed

    cpuspeed Limp Gawd

    Messages:
    272
    Joined:
    Oct 7, 2008
    so can we call this leveraged short and distort scam but perpetrators based in Israel so beyond the reach of law episode over now?
     
  31. Chimpee

    Chimpee Gawd

    Messages:
    995
    Joined:
    Jul 6, 2015
    Who knows if CTS-Lab or Viceroy Research is actually based in Israel, whole thing is shady.
     
  32. cpuspeed

    cpuspeed Limp Gawd

    Messages:
    272
    Joined:
    Oct 7, 2008
    Well, CTS-lab is in Tel Aviv. Viceroy Research seems the main culprit and they've done this before using social media to tank stocks. Previous lawsuit against them has them disclosing they are three guys from New York, which may be a lie. Either way I think this is the highest profile company they've done this to so hopefully on law enforcement's radar now.
     
    Chimpee likes this.
  33. _mockingbird

    _mockingbird Gawd

    Messages:
    614
    Joined:
    Feb 20, 2017
    Viceroy Research makes money from short-selling, then spreading false information and tanking stocks

    https://www.businesslive.co.za/bd/c...y-research-names-its-new-target-capitec-bank/

     
  34. Nightfire

    Nightfire Gawd

    Messages:
    810
    Joined:
    Sep 7, 2017
  35. juanrga

    juanrga Pro-Intel / Anti-AMD Just FYI

    Messages:
    2,172
    Joined:
    Feb 22, 2017
    So the security flaws are confirmed



    And they aren't flaws exploiting complex security holes, but exploiting basic mistakes:

     
    Last edited: Mar 14, 2018
  36. thebufenator

    thebufenator Gawd

    Messages:
    927
    Joined:
    Dec 8, 2004
    THERE HE IS.

    Wondered how long it would take.

    You missed the fact that the "flaws" require local access and/or administrative privs right?
     
    Ranulfo likes this.
  37. juanrga

    juanrga Pro-Intel / Anti-AMD Just FYI

    Messages:
    2,172
    Joined:
    Feb 22, 2017
  38. juanrga

    juanrga Pro-Intel / Anti-AMD Just FYI

    Messages:
    2,172
    Joined:
    Feb 22, 2017
    I didn't, nor did I miss that "if an unauthorized user is able to gain the required administrative access, these exploits could allow them to place a backdoor on the system that would be undetectable without extensive analysis and could require hardware replacement as a mitigation."
     
  39. Nobu

    Nobu [H]ard|Gawd

    Messages:
    1,830
    Joined:
    Jun 7, 2007
    Some might call that a feature... or a rootkit.
     
  40. NKD

    NKD [H]ardness Supreme

    Messages:
    6,461
    Joined:
    Aug 26, 2007
    Rofl? Any security company that gives the manufacturer 24 hours to react has no credibility. They are doing only one thing and that is spreading FUD. Yea I’ll give you access to my Intel computer and I am sure you could infect it. Lol. If a company can’t secure their admin rights they will get hacked whether it’s Intel or AMD.
     
    Darth Kyrie likes this.