Summary
CTS Labs published a white paper claiming that they have found no fewer than 13 vulnerabilities in AMD's chip architecture.
In this article we discuss these vulnerabilities and examine how credible they are.
Finally we discuss the credibility, or rather the lack thereof, of CTS Labs.
On March 13th, 2018, CTS Labs announced that they have found no less than 13, yes, count them, 13 vulnerabilities in AMD's (AMD) Ryzen and EPYC architectures. To back up this claim they have had their findings reviewed by not less than ONE, yes, just one, company, Trail of Bits. To further bolster their claim they have produced one, yes, just one, screenshot of one affected machine where the boot code in the bottom left corner was replaced with the number "1337." These findings caused Viceroy Research, another firm with a questionable reputation, to proclaim in a 25-page report on the matter that:
“AMD must cease the sale of Ryzen and EPYC chips in the interest of public safety.”
In this article we are going to look at the claimed vulnerabilities, discuss the level of threat these vulnerabilities pose to AMD's customers, and then take a closer look at who's behind CTS Labs.
The Vulnerabilities
A few months ago Google (NASDAQ:GOOG) (NASDAQ:GOOGL) researchers in conjunction with independent security researchers published the Meltdown and Spectre vulnerability research paper. That paper was a pleasure to read, though it was very tough to understand, it was peer reviewed, and came with discussion of methodology and proof of concepts. I wrote an article entitled "Intel And The Meltdown And Spectre Vulnerabilities Explained" discussing these vulnerabilities.
By contrast CTS' white paper, which can be found on amdflaws.com, and yet inexplicably hosted by a blank website safefirmware.com, discusses no methodology at all, and for proof of concepts discussed therein offers just one screenshot of a server with a boot screen with "1337" (hacker slang for LEET which is phonetic shortening of ELITE) added to the bottom right hand corner, purportedly by CTS. Due to the lack of any discussion of methodology or technical details in the white paper it is impossible to verify the veracity of CTS' claims. That said, let's discuss them at face value anyway and see what the worst-case scenario could be.
Security Experts? Well, that's one, where are the rest?
Sorry, but I will side with Linus Torvalds over you. lol Contesting someone who knows his shit and slammed you for good reason.
Who are you anyway? That's right "Feb 22, 2017" Showed up at Ryzen launch out of thin air. Probably one of the returned banned shills I banned from AnandTech years ago with a new IP.
Linus, Kanter and Walrath all state that the exploits have occurred where admin rights were mitigated, while flaws they were on compromised machines, the methodology is not realistic as the bypass requires local access to admin account or backdoors which cause the user to default on admin settings which again can be done on Intel CPUs as easily as they can on AMD, this is more a negligence scenario rather than a Meltdown/Spectre ghost intrusion type flaw.
The Romanian guy Juan is clinging to suggests there is a fault in the method of testing which suggest to fall in line with Jon Walrath's opinion on the subject which Kyle Bennett sourced.
This is what I will call a fixed flaw, putting the system into a situation where it is unrealistically bypassed.
So far from credible sources the issue is basically a non-issue and I think if AMD trace CTS there will be a massive legal dispute which I would suggest to the two Israelis to run back home and hide, they have falsified a position to short investors and tarnish the reputation of a company that is performing well within the bounds of ethics.
You can side with whoever you want. I can understand Linus is unaware that Microsoft Security is working on the flaws, but it is very funny that Linus still pretends this is a "scam" from CTS-labs, when all the material (including PoCs) has been in the hands of AMD since last Monday. If it was a scam, AMD would have denounced it a while ago...
This is the second time you attack me, except the other time you did in a PM sent to me. Re-read the whole conversation and pay attention to the last PM I sent you.
You can find another security expert here
https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/
If you want more experts ask Symantec or Microsoft Security.
That's Dan Guido's company. The same security expert whose twitter feed you've already quoted a few times. So far he's the only 3rd party they've shared the info with according to the Anandtech conference call.
No. In #65 I gave a tweet from Alex Ionescu. Then bb_forrest replied to my post in his message #73, recognizing Ionescu is a security expert and requiring me to mention more experts. In my reply #85 I gave him the link to Dan Guido's blog explaining the AMD flaws.
So two experts confirmed CTS-labs findings. And as said in my reply to him, there are more.
And what exactly did Alex say?
He certainly did not confirm what CTS says.
Ionescu also addressed another major criticism directed at CTS Labs —the fact that many security researchers derided the Israeli company because all of the 13 flaws required an attacker to gain admin rights before they could be exploited.
[...]
Ionescu disagreed that some security researchers were dismissing the severity of CTS Labs' findings just because the flaws required admin access.
Fact: these exploits are un-proven.
Fact: these exploits require access that would allow someone to exploit a system no matter what hardware is installed.
Fact: CTS did not follow industry standards and give AMD a chance to address these supposed exploits before releasing them.
Fact: CTS informed the press and a company known for shady business practices involving shorting companies' stocks while releasing negative press releases, said company is also associated with CTS.
As the dust settled after yesterday's overly-cosmeticized vulnerability disclosure, many security researchers are now not so dismissive of CTS Labs' findings, and the conspiracy theories about shorting AMD stock are starting to be replaced by warnings that the AMD flaws "could turn bad hacks into worse hacks."
This was because experts started realizing that attackers could use these AMD vulnerabilities to gain post-reinstall persistence by leaving malicious code in secure areas of the CPU. Areas where security software can't scan or reach, and where malicious attackers wouldn't normally be able to reach, admin access or not.
Fact: in an interview previously linked, CTS gave conflicting answers, evaded others, and outright lied.
Edit:
Fact: the one company used to "verify" the exploits was paid to do so, creating a conflict of interest.
Fact: CTS put a disclaimer that their findings were opinions and not statements of fact.
Just to reiterate, any system that these theoretical and non-proven exploits can be used on, requires access that makes basically any system vulnerable. Further, the Asmedia chips allowing the supposed exploits have been, and are, used in millions of Intel systems which CTS did not disclose.
Intel boards don't have the same problems because they use the ASM1142 as a USB controller, not their Security Processor.
The problem is with the ARM cell, likely the debug port. It's just that on Intel, it's just a USB controller. On AMD, it's the Security Processor with access to everything.
So please feel free to factually prove these exploits actually exist, that if these exploits are real, that they are limited to AMD.
No. In #65 I gave a tweet from Alex Ionescu. Then bb_forrest replied to my post in his message #73, recognizing Ionescu is a security expert and requiring me to mention more experts. In my reply #85 I gave him the link to Dan Guido's blog explaining the AMD flaws.
So two experts confirmed CTS-labs findings. And as said in my reply to him, there are more.
Correct that CTS-labs followed a non-standard disclosure procedure. They have explained many times why they don't like the standard procedure. And of course they don't like the standard procedure for any company, not only for AMD. What is more they want rest of security researchers to follow their procedure when disclosing vulnerabilities for any company.
False that AMD wasn't given "a chance". CTS-labs eliminated all the relevant technical details from the public announcements and the public version of paper, whereas it sent AMD and others all the technical details, including PoCs. So CTS-labs has combined a fast public announcement with the hiding of the key information to avoid putting users at risk until AMD and rest of involved companies develop the needed patches and mitigations.
CTS-labs confirmed they will make public the full details once these companies come out with patches and mitigations.
This is legal jargon. The flaws have been confirmed by people outside CTS-labs.
You folks would be better off to put him on permanent ignore and let him talk to himself. Unless you like arguing with alternative facts.
Re-mentioning the same security expert that started all of this, one that everyone already knows about, is not mentioning "more experts". He's a known quantity at this point. It's not adding to your list of experts when he was already the first person on the list.
It is not legal jargon, an opinion as opposed to statement has two very different legal consequences in the event of being incorrect.
They also did not test exploiting Intel systems and thus makes it an intentional attack on AMD's stocks for personal gains.
Interesting how Juanrga misconstrues words, I never acknowledged that the person he quoted was a security expert
No. In #65 I gave a tweet from Alex Ionescu. Then bb_forrest replied to my post in his message #73, recognizing Ionescu is a security expert and requiring me to mention more experts. In my reply #85 I gave him the link to Dan Guido's blog explaining the AMD flaws.
So two experts confirmed CTS-labs findings. And as said in my reply to him, there are more.
Amusing how you guys insist on that Dan Guido and Alex Ionescu are the same person.
Interesting how Juanrga misconstrues words, I never acknowledged that the person he quoted was a security expert, I said that he used a plural term and only quoted 1.
I find it amusing you managed to come up with that conclusion when I never once said or even implied that.
He must have one helluva reputation for doing that already if he's got this entire forum and Linus Torvalds calling him out. It's a shame because he does occasionally have decent info to share, but it always comes with some spin.
Where did Linus call him out at? Would be hilarious to see.
A link to it is in post #66 of this thread.
https://www.realworldtech.com/forum/?threadid=175139&curpostid=175168
In day to day computer usage, either on Intel or AMD, would any of these bugs cause a user like me any real trauma?
"day to day computer usage" = 15 hours, or so gaming, many hours screwing away time on the Information Superhighway, 10, or so minutes checking email.
If you plan on giving someone administrative rights and free access to your PC, then sure!
Amusing how you guys insist on that Dan Guido and Alex Ionescu are the same person.
So it is legal jargon.
The flaws of the AMD secure processor are exclusive to AMD. E.g., no Intel system can be affected by Ryzenfall, because no Intel system uses AMD secure processor...
Flaws such as Chimera could be present on Intel systems whose boards use affected ASMedia chipsets for USB controller. CTS labs tested Intel-based systems "made by HP, Dell, Lenovo, etc. and they were not affected".