13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors

Discussion in 'AMD Processors' started by ir0nw0lf, Mar 13, 2018.

  1. Vyedmic

    Vyedmic Limp Gawd

    Messages:
    222
    Joined:
    Jul 20, 2007
    It would be a brilliant marketing move if this came from AMD.... :phantom:
     
    juanrga likes this.
  2. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    12,082
    Joined:
    Jun 13, 2003
    I'm getting two things here:

    That the flaw allows undetectable (or nearly so) hooks into a system to be installed, and that while some Intel boards use ASMedia parts to add features, AMD uses ASMedia for the whole chipset. Which means that the flaw will likely be significantly harder to mitigate.
     
    juanrga likes this.
  3. Araxie

    Araxie [H]ardness Supreme

    Messages:
    6,386
    Joined:
    Feb 11, 2013
  4. OrangeKhrush

    OrangeKhrush [H]ard|Gawd

    Messages:
    1,523
    Joined:
    Dec 15, 2016
    Linus, Kanter and Walrath all state that the exploits have occurred where admin rights were mitigated, while flaws they were on compromised machines; the methodology is not realistic, as the bypass requires local access to an admin account or backdoors which cause the user to default on admin settings, which again can be done on Intel CPUs as easily as they can on AMD. This is more a negligence scenario rather than a Meltdown/Spectre ghost intrusion type flaw.

    The Romanian guy Juan is clinging to suggests there is a fault in the method of testing, which suggests it falls in line with Jon Walrath's opinion on the subject which Kyle Bennett sourced.

    This is what I will call a fixed flaw, putting the system into a situation where it is unrealistically bypassed.

    So far from credible sources the issue is basically a non-issue, and I think if AMD trace CTS there will be a massive legal dispute, which I would suggest to the two Israelis to run back home and hide; they have falsified a position to short investors and tarnish the reputation of a company that is performing well within the bounds of ethics.
     
    N4CR, Pieter3dnow and Darth Kyrie like this.
  5. juanrga

    juanrga Pro-Intel / Anti-AMD Just FYI

    Messages:
    2,550
    Joined:
    Feb 22, 2017
  6. pendragon1

    pendragon1 [H]ardForum Junkie

    Messages:
    14,359
    Joined:
    Oct 7, 2000
    aren't those the other guys that are in question?
     
  7. juanrga

    juanrga Pro-Intel / Anti-AMD Just FYI

    Messages:
    2,550
    Joined:
    Feb 22, 2017
    You can side with whoever you want. I can understand Linus is unaware that Microsoft Security is working on the flaws, but it is very funny that Linus still pretends this is a "scam" from CTS-labs, when all the material (including PoCs) has been in the hands of AMD since last Monday. If it was a scam, AMD would have denounced it long ago...

    This is the second time you attack me, except the other time you did in a PM sent to me. Re-read the whole conversation and pay attention to the last PM I sent you.
     
  8. vick1000

    vick1000 [H]ard|Gawd

    Messages:
    1,923
    Joined:
    Sep 15, 2007
    How can you know this when CTS has not released the details of the exploits, except to a few large firms and one third party tester? At least according to the Anandtech conference call.
     
  9. Crosshairs

    Crosshairs Administrator Staff Member

    Messages:
    23,832
    Joined:
    Feb 3, 2004
    Make your case with facts or put the person on ignore, but knock off the name calling and insults or bans will be coming.
     
  10. FearTheCow

    FearTheCow [H]ardness Supreme

    Messages:
    4,758
    Joined:
    May 2, 2006
    Fact: these exploits are un-proven.

    Fact: these exploits require access that would allow someone to exploit a system no matter what hardware is installed.

    Fact: CTS did not follow industry standards and give AMD a chance to address these supposed exploits before releasing them.

    Fact: CTS informed the press and a company known for shady business practices involving shorting companies stocks while releasing negative press releases, said company is also associated with CTS.

    Fact: in an interview previously linked, CTS gave conflicting answers, evaded others, and out right lied.

    Edit:
    Fact: the one company used to "verify" the exploits was paid to do so, creating a conflict of interest.

    Fact: CTS put a disclaimer that their findings were opinions and not statements of fact.

    Just to reiterate, any system that these theoretical and non-proven exploits can be used on requires access that makes basically any system vulnerable. Further, the ASMedia chips allowing the supposed exploits have been, and are, used in millions of Intel systems, which CTS did not disclose.

    So please feel free to factually prove these exploits actually exist, and that if these exploits are real, they are limited to AMD.
     
    Last edited: Mar 17, 2018
  11. CaptNumbNutz

    CaptNumbNutz Bulls[H]it Master

    Messages:
    20,295
    Joined:
    Apr 11, 2007
    That's Dan Guido's company. The same security expert whose twitter feed you've already quoted a few times. So far he's the only 3rd party they've shared the info with according to the Anandtech conference call.
     
    pendragon1 likes this.
  12. atp1916

    atp1916 [H]ard|DCoTM x1

    Messages:
    3,697
    Joined:
    Jun 18, 2004
    If i have ever seen a scumbag move, this has to take the cake.
     
    Darth Kyrie likes this.
  13. juanrga

    juanrga Pro-Intel / Anti-AMD Just FYI

    Messages:
    2,550
    Joined:
    Feb 22, 2017
    No. In #65 I gave a tweet from Alex Ionescu. Then bb_forrest replied to my post in his message #73, recognizing Ionescu is a security expert and requiring me to mention more experts. In my reply #85 I gave him the link to Dan Guido's blog explaining the AMD flaws.

    So two experts confirmed CTS-labs findings. And as said in my reply to him, there are more.
     
    Last edited: Mar 19, 2018
  14. thebufenator

    thebufenator [H]ard|Gawd

    Messages:
    1,209
    Joined:
    Dec 8, 2004
    And what exactly did Alex say?

    He certainly did not confirm what CTS says.
     
  15. juanrga

    juanrga Pro-Intel / Anti-AMD Just FYI

    Messages:
    2,550
    Joined:
    Feb 22, 2017
    Not only did he confirm that the flaws are real, but he also criticized those diminishing the problem:

     
  16. thebufenator

    thebufenator [H]ard|Gawd

    Messages:
    1,209
    Joined:
    Dec 8, 2004
    Let me help you.

    He stated, "Admin-level access and persistence are legitimate threats in multi-tenant IaaS [Infrastructure-as-a-Service] and even things such as VTL0/1 (Credential Guard) when firmware and chipset trust boundaries are broken,"

    and, "I have seen the technical details and there are legit design & implementation issues worth discussing as part of a coordinated disclosure effort."


    NOWHERE does he state the "flaws" are as bad as CTS and people such as yourself are making them out to be.

    Intel has a host of security problems with its management engine but you seem to forget that. -- https://www.wired.com/story/intel-management-engine-vulnerabilities-pcs-servers-iot/

    The Intel vuln allows privesc and the possibility of remote exploitation. But who gives a shit when we can talk about AMD amiright?
     
  17. SighTurtle

    SighTurtle [H]ard|Gawd

    Messages:
    1,412
    Joined:
    Jul 29, 2016
    It took Trail of Bits 4-5 days to confirm CTS's findings according to Anandtech, so we should probably expect a reply from AMD Monday or Tuesday.
     
  18. juanrga

    juanrga Pro-Intel / Anti-AMD Just FYI

    Messages:
    2,550
    Joined:
    Feb 22, 2017
    False. Several security experts have confirmed the flaws exist and the PoCs developed by CTS-labs work as described on AMD Zen-based hardware.

    False. Those flaws are characterized by properties such as persistency and stealth, which are absent in non-Zen hardware.

    Correct that CTS-labs followed a non-standard disclosure procedure. They have explained many times why they don't like the standard procedure. And of course they don't like the standard procedure for any company, not only for AMD. What is more, they want the rest of security researchers to follow their procedure when disclosing vulnerabilities for any company.

    False that AMD wasn't given "a chance". CTS-labs eliminated all the relevant technical details from the public announcements and the public version of the paper, whereas it sent AMD and others all the technical details, including PoCs. So CTS-labs has combined a fast public announcement with the hiding of the key information to avoid putting users at risk until AMD and the rest of the involved companies develop the needed patches and mitigations.

    CTS-labs confirmed they will make public the full details once these companies come out with patches and mitigations.

    False. The only fact is that the Viceroy report was published after CTS-labs published its findings. Due to the short delay between both publications, some people have speculated that Viceroy had the CTS-labs paper before publication. From here other people add more speculation and claim that CTS-labs gave the paper to Viceroy, but CTS-labs denied it.

    CTS-labs sent the security material to multiple hardware/software companies before the public announcement. Some other people speculate that someone from those companies could have shared the paper with Viceroy.

    I can also play the game of developing crazy conspiracy 'theories'. I can use what Vyedmic said in #81 as a baseline for my own speculation. AMD got the material before the public announcement. Someone at AMD could have given the paper to Viceroy as part of a smart defense strategy to divert the media attention and pretend this is only a stock manipulation move without technical foundation, to minimize the financial impact of those security findings. See? Anyone can invent crazy conspiracy 'theories'. The problem is in proving they are true.

    Of course, I cannot prove my crazy conspiracy theory, just as others cannot prove theirs. But I don't care about conspiracy theories. I care about facts, and fortunately the media is starting to focus on the facts:

    So if some of you guys want to continue discussing conspiracies and stock manipulation, you can do it, but allow others of us to focus on the security flaws.

    Yeah, because it is the first time that a company gives conflicting answers, evades questions, and lies. LOL. In the PR thread I mentioned how Gary Patton gives contradictory answers about 12LP, or how GF lies when it names its next node "7nm". None of you shared any doubt about the existence of 12LP or 7LP. But the standard is another when talking about CTS-labs. True?

    False. The flaws have been verified by other people, including Alex Ionescu, who got no payment.

    Moreover, it is really hilarious that you accuse a company such as Trail of Bits of conflict of interest, which simply got payment for their work (they would have got their payment equally if they had refuted the findings from CTS-labs), yet you will not accuse AMD when they come to us with a public statement about those security flaws. Am I right that you will not mention conflict of interest?

    This is legal jargon. The flaws have been confirmed by people outside CTS-labs.

    First point is false and refuted above.

    Second point is false as well. Those ASMedia chips used in some old mobos for Intel (AMD or any other company) are used for controlling the USB ports or PCIe ports. So those systems could only suffer some version of the Chimera attack. And I wrote "could", because the mere presence of the affected ASMedia chips is a necessary but not sufficient condition.

    It is a fact that no one has demonstrated that Chimera-like attacks exist on Intel mobos with the affected chipsets.

    However, the real problem is on AMD using those ASMedia chips as part of the secure processor:

    That is a reason why the Ryzenfall flaw isn't named CoffeeLakeFlaw, for instance.

    There is no reason to prove things that have been proven. I will keep this summary post as a reference for the future, when someone pretends again that no one has proven that the PoCs work or that this affects Intel as well...
     
  19. FearTheCow

    FearTheCow [H]ardness Supreme

    Messages:
    4,758
    Joined:
    May 2, 2006
    Edit: not worth it, it's obvious any real discussion with facts is drowned out by sheer amounts of bullshit.
     
    Last edited: Mar 18, 2018
    Darth Kyrie and pendragon1 like this.
  20. Mega6

    Mega6 [H]ard|Gawd

    Messages:
    1,971
    Joined:
    Aug 13, 2017
    Fake News wins again.
     
    Master_shake_ likes this.
  21. sinisterDei

    sinisterDei Gawd

    Messages:
    898
    Joined:
    Dec 1, 2004
    After all the reading I've done, especially the interview with CTS posted over on AT, I'm sure these vulnerabilities exist and that they are serious and warrant the attention of both security folks and AMD themselves.

    However, I'm equally sure that they were presented in the fashion they were for the benefit of CTS's unnamed customer, or for their own self-promotion, rather than genuine desire to see the security of the global computing environment improved. Between the lack of notice given to AMD, the apparent pre-briefings given to select press agencies, lack of CVE/US-CERT involvement, the doom and gloom language used to describe the vulnerabilities by CTS (the "this is probably as bad as it gets in the world of security" quote in particular), and the very melodramatic names given to the vulnerabilities themselves, it all just smacks of someone who seemed intent on presenting the most damaging set of headlines to AMD possible. This attitude would exist for *someone's* benefit, and it certainly doesn't feel like it was done for the good of the community at large. The contrast to the presentation of Meltdown/Spectre is incredibly stark.
     
    Darth Kyrie and CaptNumbNutz like this.
  22. pendragon1

    pendragon1 [H]ardForum Junkie

    Messages:
    14,359
    Joined:
    Oct 7, 2000
    I like how CTS is trying to dictate how things are done going forward, "you're doing it wrong, do it my way" from a couple dudes in a shack.
     
    Darth Kyrie and Master_shake_ like this.
  23. Gideon

    Gideon 2[H]4U

    Messages:
    2,333
    Joined:
    Apr 13, 2006
    You folks would be better off to put him on permanent ignore and let him talk to himself. Unless you like arguing with alternative facts.
     
  24. CaptNumbNutz

    CaptNumbNutz Bulls[H]it Master

    Messages:
    20,295
    Joined:
    Apr 11, 2007
    Re-mentioning the same security expert that started all of this, one that everyone already knows about, is not mentioning "more experts". He's a known quantity at this point. It's not adding to your list of experts when he was already the first person on the list.
     
    N4CR and Darth Kyrie like this.
  25. OrangeKhrush

    OrangeKhrush [H]ard|Gawd

    Messages:
    1,523
    Joined:
    Dec 15, 2016
    It is not legal jargon; an opinion as opposed to a statement has two very different legal consequences in the event of being incorrect. The opinion is an attempt at waiving warranty/guarantee of the factual correctness of the claims; a statement is a clear guarantee that the information therein is true, and any irregularities resulting in loss can be contested in respect of damages.

    It is a breach of policy that is unethical in standard practice. Going with how they personally attack AMD and how they departed from the principles of the industry, then you look at how both directors are hedge fund beneficiaries of Viceroy; this is a gross violation. They also did not test exploiting Intel systems, and thus it makes it an intentional attack on AMD's stocks for personal gains. They used a hacked OS to test this and fixed the results to come up with positive results; their methods have been rightly criticized as contra bonos mores.
     
  26. bb_forrest

    bb_forrest n00b

    Messages:
    38
    Joined:
    Mar 1, 2017
    Interesting how Juanrga misconstrues words, I never acknowledged that the person he quoted was a security expert, I said that he used a plural term and only quoted 1.

    I really don't understand what he is trying to achieve with the constant "Intel are the dog's bollocks, AMD are shit" rhetoric? If he isn't paid by Intel then it's just bizarre.

    In my case, I'm upgrading my PC this year at some point - an old i5-2500K, I'm now definitely buying Zen+ just because it will piss him off and I can state that the security problems he goes on about will not affect me.
     
    N4CR, Master_shake_, Dermac and 3 others like this.
  27. sirmonkey1985

    sirmonkey1985 [H]ard|DCer of the Month - July 2010

    Messages:
    21,587
    Joined:
    Sep 13, 2008

    Gave up trying to tell people that.. I think they enjoy losing brain cells reading the garbage he posts.
     
    Darth Kyrie likes this.
  28. juanrga

    juanrga Pro-Intel / Anti-AMD Just FYI

    Messages:
    2,550
    Joined:
    Feb 22, 2017
    Amusing how you guys insist that Dan Guido and Alex Ionescu are the same person.

    So it is legal jargon. ;)

    The flaws of the AMD secure processor are exclusive to AMD. E.g. no Intel system can be affected by Ryzenfall, because no Intel system uses the AMD secure processor...

    Flaws such as Chimera could be present on Intel systems whose boards use affected ASMedia chipsets for the USB controller. CTS labs tested Intel-based systems "made by HP, Dell, Lenovo, etc. and they were not affected".
     
  29. juanrga

    juanrga Pro-Intel / Anti-AMD Just FYI

    Messages:
    2,550
    Joined:
    Feb 22, 2017
    Ooops! When you wrote "Security Experts? Well, that's one" I believed that you had identified Alex Ionescu and were then asking me for more experts. I supposed you were familiar with him being a well-known security expert. It is interesting that you seem so worried by my mistake, when I think my mistake was favoring you, but don't worry, I have edited my post to make clear you didn't acknowledge anything. My post now reads:

     
  30. CaptNumbNutz

    CaptNumbNutz Bulls[H]it Master

    Messages:
    20,295
    Joined:
    Apr 11, 2007
    I find it amusing you managed to come up with that conclusion when I never once said or even implied that.

    He must have one helluva reputation for doing that already if he's got this entire forum and Linus Torvalds calling him out. It's a shame because he does occasionally have decent info to share, but it always comes with some spin.
     
    Last edited: Mar 19, 2018
  31. Gideon

    Gideon 2[H]4U

    Messages:
    2,333
    Joined:
    Apr 13, 2006
    Where did Linus call him out at? Would be hilarious to see.
     
  32. CaptNumbNutz

    CaptNumbNutz Bulls[H]it Master

    Messages:
    20,295
    Joined:
    Apr 11, 2007
  33. gigaxtreme1

    gigaxtreme1 2[H]4U

    Messages:
    3,514
    Joined:
    Oct 1, 2002
    That's hilarious and from the man himself!
     
  34. _mockingbird

    _mockingbird Gawd

    Messages:
    992
    Joined:
    Feb 20, 2017
  35. In day-to-day computer usage, either on Intel or AMD, would any of these bugs cause a user like me any real trauma?

    "day-to-day computer usage" = 15 hours, or so, gaming; many hours screwing away time on the Information Superhighway; 10, or so, minutes checking email.
     
  36. FearTheCow

    FearTheCow [H]ardness Supreme

    Messages:
    4,758
    Joined:
    May 2, 2006
    If you plan on giving someone administrative rights and free access to your PC, then sure!
     
  37. Gideon

    Gideon 2[H]4U

    Messages:
    2,333
    Joined:
    Apr 13, 2006
  38. NKD

    NKD [H]ardness Supreme

    Messages:
    7,739
    Joined:
    Aug 26, 2007
  39. Brackle

    Brackle Old Timer

    Messages:
    7,253
    Joined:
    Jun 19, 2003
  40. OrangeKhrush

    OrangeKhrush [H]ard|Gawd

    Messages:
    1,523
    Joined:
    Dec 15, 2016
    Legal jargon is terms like animus contrahendi, balance of probabilities, beyond reasonable doubt, dolus and culpa, pacta sunt servanda, inter vivos.

    The vulnerability as stated by your relied-on authority Ionescu is fixed; the method is questioned as to it being a situation where an end user allows administrative rights to be compromised, or where Ethan Hunt abseils from your roof and uploads malware onto an already logged-in administrative account and hopes the user will hit yes to the bombardment of requests to pass admin. This makes it an end-user-related problem.

    These types of intrusions are very possible on Intel systems, and you can probably call them coffeeflaw, kabyflaw, skyflaw, whatever you like; bypassing admin is already compromising a system, and the issue lies with human management.

    This has not gathered any momentum, and the issue has become the gross violation of standard industry practice that is laced in mala fides, and we already know why they chose to blatantly circumvent them. There was motive and it backfired; the world called BS and stocks maintained integrity.
     
    N4CR and Pieter3dnow like this.