13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors

ir0nw0lf

Just saw this over at TPU:

https://www.techpowerup.com/242328/...d-in-amd-zen-architecture-including-backdoors

First two paragraphs:
Security researchers with Israel-based CTS-Labs, have discovered a staggering thirteen critical security vulnerabilities for AMD's "Zen" CPU microarchitecture, which are as damning as the recent "Meltdown" and "Spectre" vulnerabilities that affect various CPU manufacturers at varying degrees (Intel, AMD, and ARM). The thirteen new CVEs are broadly classified into four groups based on the similarity in function of the processor that they exploit: "Ryzenfall," "Masterkey," "Fallout," and "Chimera."

The researchers "believe that networks that contain AMD computers are at a considerable risk," malware can "survive computer reboots and re-installations of the operating system, while remaining virtually undetectable by most endpoint security solutions, such as anti-virus software." They also mention that in their opinion, "the basic nature of some of these vulnerabilities amounts to complete disregard of fundamental security principles. This raises concerning questions regarding security practices, auditing, and quality controls at AMD."
 
I read that on CNET, dick move on CTS-Labs giving AMD 24 hours to address it. Reading from CNET, seems like a lot of the issue is a PEBKAC.
 
From what I've read this is a smear job by a shell company. There are no CVEs; the whitepaper is incredibly vague. It includes groundbreaking issues such as allowing somebody rights to flash firmware is bad and someone with admin rights can steal information.

I won't go as far as saying this isn't true but I will say there is something fishy about all of this.
 
Well, this is a bit of a shocker.

Website: amdflaws.com

Link to white paper: https://safefirmware.com/amdflaws_whitepaper.pdf

Viceroy Research Report: AMD - The Obituary. https://viceroyresearch.org/2018/03/13/a...-obituary/

Viceroy also states that their price target for AMD is $0. Stock unmoved so far by this.


I’m more than a bit sceptical. We’ll see how this plays out.

Edit: Apparently AMD was given 24 hours notice. I don't recall ever seeing anything like this before. Something seems off about this, to say the least.
 
I honestly think somebody is trying to buy out AMD and this is an effort to tank their value for a hostile takeover.


A move like that would be dumber than keying a black and white in front of a police station.

It's easy to track, and different details would be trampling each other to take jurisdiction over the case.

You get a softball in the bag like that for a promotion over your explicitly stated top pay grade.
 
Cool, any guesses for how long it takes for the League of Intel Evangelists to chime in?


If I were a betting man I'd say it will take about as long as it took the ADF to show up when Meltdown hit the streets.
 
Fake News.
Those Codes ALL need local access.
MEANING : You let them on your computer physically on your keyboard.

So yeah it's like they "caught" someone fucking their wife:
Only the cucks encouraged the guy and they drugged the wife.
 
WTF

 
Yeah, read this the other day. I'm keeping my eyes open for more details, but I imagine AMD will remain tight lipped (other than "they're looking into it") until they find anything and determine if a solution is available and workable.
 
Yeah, read this the other day. I'm keeping my eyes open for more details, but I imagine AMD will remain tight lipped (other than "they're looking into it") until they find anything and determine if a solution is available and workable.

More like ignore it as it is only a problem if a company is run by fucktards that allow ex-employees to keep admin access to their servers.



It's a nothing burger.
 
More like ignore it as it is only a problem if a company is run by fucktards that allow ex-employees to keep admin access to their servers.



It's a nothing burger.
They still have an obligation to investigate the claims in order to protect their shareholders, and possibly their customers.
CTS Labs is a fake security "company" that is funded by Viceroy Research.

Viceroy Research taking a "sizeable" short position in AMD

https://www.cnbc.com/2018/03/13/reu...israeli-firm-says-it-finds-amd-chip-flaw.html
Sounds like grounds for an insider trading lawsuit, though not being a lawyer, I don't know precedent for such a case.
 
Is this shit even legal? They got anonymous email about this and they took a short position? Fuckin looks like insider trading to me. Maybe they went around it but all this is shady as fuck. Seems like shit is so funded by pro-Intel crowd, not to mention Intel is big in Israel. Oh yeah, give someone access to your computer and then complain about getting hacked? That's what this is about? ROFL!
 
A move like that would be dumber than keying a black and white in front of a police station.

It's easy to track, and different details would be trampling each other to take jurisdiction over the case.

You get a softball in the bag like that for a promotion over your explicitly stated top pay grade.

Yet that is likely what happened. Someone tried to manipulate the stock market through a sham company.
 
ROFL. Look at the way they word things.

AMD Ryzen Chipset
Outsourced Chip Design Contains Backdoors


Clearly they are wording it as to diminish them. I mean it's not like Intel doesn't outsource, right? rofl. They could have been more professional and said chip design contains backdoor. haha
 
This seems almost too easy. If there's such a universal rebuttal in the hardware community, why bother with the ruse at all?
 
This seems almost too easy. If there's such a universal rebuttal in the hardware community, why bother with the ruse at all?
If they're based outside the US, then legal action (by a US entity) becomes more tricky. There is a possibility that no legal action will be taken, in which case they stand to earn great profits from the inevitable bump such a story would make in the stock price (down, and then back up as it recovered, in this case). Probably worst case, their puppet company gets sued for all they're worth, and they break even (minus operating costs). That's the most obvious motive, and it appears that various circumstances support the theory.
 
This seems almost too easy. If there's such a universal rebuttal in the hardware community, why bother with the ruse at all?

Cause a small reaction in stock price before the media can correct it, could possibly turn into millions on short sales.
 
Well, here is something:

The company changed its name from Flexagrid Systems Inc. to Catenoid Security then to CTS-Labs

 
Basically everyone is calling this one BS, seems like ulterior motives at play here. List intrusions that are possible on any system that is hacked, welcome to the world of cyber crimes.

The last time I saw anything this shady it was Discovery's Shark Week hoopla on Megalodon sightings that was by a FUD specialist repeated over and over, Discovery bit the bullet and called it a lie.

The lack of detail is astounding, and we are to believe guys that use green screens to fake an office. Cool story.
 
Basically everyone is calling this one BS, seems like ulterior motives at play here. List intrusions that are possible on any system that is hacked, welcome to the world of cyber crimes.

The last time I saw anything this shady it was Discovery's Shark Week hoopla on Megalodon sightings that was by a FUD specialist repeated over and over, Discovery bit the bullet and called it a lie.

The lack of detail is astounding, and we are to believe guys that use green screens to fake an office. Cool story.
Well, let's be fair. There was the whole 'vaccines cause autism' thing.

Ultimately I'd like to know (soon) whether there are any real vulnerabilities that I need to be concerned with, since I just built 3 Ryzen APU based HTPCs. Sounds like probably not, but the real 'news' (if any) is getting washed away by the stock manipulation/short sale/hostile takeover aspect.
 
Well, let's be fair. There was the whole 'vaccines cause autism' thing.

Ultimately I'd like to know (soon) whether there are any real vulnerabilities that I need to be concerned with, since I just built 3 Ryzen APU based HTPCs. Sounds like probably not, but the real 'news' (if any) is getting washed away by the stock manipulation/short sale/hostile takeover aspect.

You can assume there are probably intrusions linked to spectre based breaks however these are addressed regularly by all parties. This is a pure laughable attempt at sabotage. I would bring them to book and squeeze them while under oath in the dock, this will be uncovered to be an elaborate scheme.

Viceroy have a history of sabotage recently in my Country so I would be very cautious about this type of article and their sources are shocking to say the least.
 
Basically everyone is calling this one BS, seems like ulterior motives at play here. List intrusions that are possible on any system that is hacked, welcome to the world of cyber crimes.

The last time I saw anything this shady it was Discovery's Shark Week hoopla on Megalodon sightings that was by a FUD specialist repeated over and over, Discovery bit the bullet and called it a lie.

The lack of detail is astounding, and we are to believe guys that use green screens to fake an office. Cool story.

lol I remember that shit (almost all the information from that was taken word for word out of the book called "Meg", which was a great book to begin with) and then Discovery did it again recently with the Amelia Earhart shit and realized it was totally fake when someone found the original photo the whole show was based on, so they cut the series short.
 
so can we call this leveraged short and distort scam but perpetrators based in Israel so beyond the reach of law episode over now?
 
so can we call this leveraged short and distort scam but perpetrators based in Israel so beyond the reach of law episode over now?

Who knows if CTS-Lab or Viceroy Research is actually based in Israel, whole thing is shady.
 
Who knows if CTS-Lab or Viceroy Research is actually based in Israel, whole thing is shady.

Well, CTS-Lab is in Tel Aviv. Viceroy Research seems the main culprit and they've done this before, using social media to tank stocks. Previous lawsuit against them has them disclosing they are three guys from New York, which may be a lie. Either way I think this is the highest profile company they've done this to, so hopefully on law enforcement's radar now.
 
So the security flaws are confirmed


And they aren't flaws exploiting complex security holes, but exploiting basic mistakes:

It took time to set up the working environment to start communication with the AMD Secure processor, but after reaching a full working setup and understanding of the architecture – we started finding vulnerabilities. One, and another and another. And not complex, crazy logical bugs, but basic mistakes – like screwing up the digital signatures mechanism. At that point, about once a week we found a new vulnerability, not in one specific section, but across different sections and regions of the chips.
 
You missed the fact that the "flaws" require local access and/or administrative privs right?

I didn't, neither missed that "if an unauthorized user is able to gain the required administrative access, these exploits could allow them to place a backdoor on the system that would be undetectable without extensive analysis and could require hardware replacement as a mitigation."
 
I didn't, neither missed that "if an unauthorized user is able to gain the required administrative access, these exploits could allow them to place a backdoor on the system that would be undetectable without extensive analysis and could require hardware replacement as a mitigation."
Some might call that a feature... or a rootkit.
 
Research package with PoCs sent to AMD, Microsoft, HP, Dell, Symantec, FireEye, and Cisco Systems, to help them develop patches and mitigation.

https://www.techpowerup.com/242346/...a-research-package-with-proof-of-concept-code

Rofl? Any security company that gives the manufacturer 24 hours to react has no credibility. They are doing only one thing and that is spreading FUD. Yea I’ll give you access to my Intel computer and I am sure you could infect it. Lol. If a company can’t secure their admin rights they will get hacked whether it’s Intel or AMD.
 