AMD CPU Attack Vectors and Vulnerabilities

Discussion in '[H]ard|OCP Front Page News' started by Kyle_Bennett, Mar 13, 2018.

  1. viper1152012

    viper1152012 Gawd

    Messages:
    656
    Joined:
    Jun 20, 2012
    The short window of review and being unverified make me wanna eat a whole bottle of salt when I read the article.
     
    iNViSiGOD and griff30 like this.
  2. griff30

    griff30 I Lower the Boom!

    Messages:
    8,555
    Joined:
    Jul 15, 2000
    Surely those security experts that found it work for free and only have AMD owners' best interest at heart.
    It was done totally altruistically. ;)
     
  3. LodeRunner

    LodeRunner [H]Lite

    Messages:
    78
    Joined:
    Sep 8, 2006
    Trivial with Windows install media. Boot to a recovery command prompt, replace the login screen Ease of Access executable with cmd.exe, reboot. Once booted, open the command prompt, pass 'net user' to list local user accounts, pick one and reset the password. Done. Also any number of free boot disks have utilities that mount NTFS, find the user store, query it for admin level users, and then blank the password (and optionally enable the account if disabled). Some of these methods might be hindered by full disk encryption, BitLocker, or other measures; I can't claim to have tested any mitigations for this particular attack.

    Either method is something that anyone with Google and a boot disk can get done in ~10 minutes or less.
     
  4. naib

    naib Gawd

    Messages:
    958
    Joined:
    Jul 26, 2013
    It's been discredited.

     
  5. Uncle

    Uncle 2[H]4U

    Messages:
    2,192
    Joined:
    Jun 7, 2004
    Not only that, I think Intel is losing market share. Intel doing this is a good way to neutralize AMD, or at least slow down their advance. Fear based marketing still works. I for one won't upgrade my Intel chip until I absolutely have to, til I see a permanent redesigned chip without the flaws. That is one news item I have not read about. It takes yrs to do design work, so Intel, give me some good news on a permanent flaw free new chip.
     
  6. griff30

    griff30 I Lower the Boom!

    Messages:
    8,555
    Joined:
    Jul 15, 2000
    naib likes this.
  7. ecmaster76

    ecmaster76 [H]ard|Gawd

    Messages:
    1,147
    Joined:
    Feb 6, 2007
    Drive encryption is recommended these days for a reason... especially systems where anyone could get physical access. What you describe already compromises the system (unless it's employing application control/whitelisting technology) and wouldn't require any further exploit. It would also work with any Intel system.
     
    PaulP likes this.
  8. Mega6

    Mega6 Gawd

    Messages:
    577
    Joined:
    Aug 13, 2017
    Virtual Company?

     
    PaulP, Formula.350, N4CR and 8 others like this.
  9. BSmith

    BSmith Gawd

    Messages:
    903
    Joined:
    Nov 9, 2017
    Well, what I said had a context attached to the meaning of "smear campaign". I suppose I should have included what my understanding of the term is.

    Smear Campaign: A plan to discredit a public entity by making false or dubious accusations.

    I would call "exaggerations" dubious.

    As far as letting a company know about things which may be wrong with its product or service. Ever written a review of a product or service? I have. I just wrote a bad review for a product I got at Amazon which was poorly designed and misrepresented in its images. I did not bother contacting the manufacturer first before I detailed all that was wrong in Amazon review section.

    Early notification of something wrong can be considered good business practice, but it is not required. It does not impact the information being released, if the information is accurate.

    Now I am not supporting any of the information released. It seems to me to be written with a broad brush and I am not going to be surprised if it is shredded for accuracy alone.

    It does not change how I feel. If it is factual, then I am hard pressed to call it a "smear campaign" in the context of my understanding of the term.
     
  10. ole-m

    ole-m Limp Gawd

    Messages:
    310
    Joined:
    Oct 5, 2015
    This is false, Meltdown is demonstrated remotely in JavaScript.
    Spectre too, Spectre was never demonstrated to work on AMD chips, but in theory they should be able to work.
    In theory white holes (opposite of black holes) do exist but we don't see something bright pushing out material at amazing rates but they might exist.

    But Spectre and Meltdown do not require a local attack vector.
     
  11. SighTurtle

    SighTurtle [H]ard|Gawd

    Messages:
    1,295
    Joined:
    Jul 29, 2016
    Doubt it's Intel, probably some sort of stock manipulation scheme.
     
    KazeoHin, griff30 and Gideon like this.
  12. Sikkyu

    Sikkyu I Question Reality

    Messages:
    2,787
    Joined:
    Jan 21, 2010
    AMD chips execute malicious code if the user wants to. It's AMD's fault, clearly.
     
    Darth Kyrie and Chupachup like this.
  13. griff30

    griff30 I Lower the Boom!

    Messages:
    8,555
    Joined:
    Jul 15, 2000
    First "research scientist" in the video seriously needs to use Visine after hitting the bong.

    Can't help but laugh that they say they are "deeply concerned" yet spend more time setting up actors, lighting, sound crew and video design than they give AMD in time to respond (24 hours).
    Looks like an Onion article.

    Extremely sceptical.
     
  14. Kyle_Bennett

    Kyle_Bennett El Chingón Staff Member

    Messages:
    51,772
    Joined:
    May 18, 1997
    Josh is usually right on these sorts of things....

     
    Darth Kyrie, Reimu, Chupachup and 5 others like this.
  15. krotch

    krotch [H]ardness Supreme

    Messages:
    4,559
    Joined:
    Aug 12, 2004
    I'm thinking more from AD domain, not so much just getting local admin rights on a machine. An MS Dart disc can get me local admin access, so long as I have physical access.


    Meltdown is demonstrated remotely in JavaScript using a local attack. As in, someone locally, on the machine, executes it. That's what local attack means. It's not some hacker on the net, using the Meltdown vulnerability to gain access to the box.
     
  16. Master_shake_

    Master_shake_ Little Bitch

    Messages:
    6,250
    Joined:
    Apr 9, 2012
    So physical address is a must?

    I think if someone is at your computer you're fucked anyway.

    Good Lord what a stupid flaw.

    Did you know that if someone has your debit card and pin they can take your money?
     
  17. Twisted Kidney

    Twisted Kidney 2[H]4U

    Messages:
    2,849
    Joined:
    Mar 18, 2013
    Wait a cotton pickin' minute here. Can a website be used to spread bullshit conspiracy theories to discredit a person, product, or corporation?

    Impossible!
     
  18. BeepBeep2

    BeepBeep2 n00bie

    Messages:
    9
    Joined:
    Dec 19, 2016
    Local execution.

    _________________________________________________________________________________

    As far as this whitepaper, it looks like total trash. Every exploit listed requires at least one of the following:
    1. Physical Access
    2. A modified BIOS with injected malware to be flashed
    3. Administrator-level user access

    MasterKey
    If someone has physical access, what is the point of flashing a modified BIOS, unless said person does not have valid administrator credentials? The likelihood of this happening on your home PC is zero, unless someone broke into your house just to flash your BIOS.

    Even in a workplace or datacenter, a malicious employee would have to shut down a workstation to perform these actions and 99.99% of the time, BIOSes are protected from flashing or modification with an admin password. That password can be reset easily in most OEM machines, but still requires a machine to be physically opened. How likely is that scenario, when a malicious employee 99.99% of the time could just install malware from a user account on a running machine? Yeah, the employee taking his whole workstation to the restroom or janitor's closet for an hour seems a little suspicious! <--- Very ironic, seems like a huge security flaw to let your users use their computers!

    RyzenFall
    Requires elevated administrator credentials. At this point, why are you wasting your time trying to exploit security flaws? Copy the whole disk or whatever you want, you're an administrator!

    Fallout
    Requires elevated administrator credentials. At this point, why are you wasting your time trying to exploit security flaws? Copy the whole disk or whatever you want, you're an administrator!

    Chimera
    Requires elevated administrator credentials. At this point, why are you wasting your time trying to exploit security flaws? Copy the whole disk or whatever you want, you're an administrator!



    This is some of the biggest BS I've ever seen. If you're worried about the memory access capabilities of these "vulnerabilities" across VMs, you shouldn't have been so f'ing stupid to let the attacker get that far.
     
    Darth Kyrie, PaulP, spine and 5 others like this.
  19. griff30

    griff30 I Lower the Boom!

    Messages:
    8,555
    Joined:
    Jul 15, 2000
  20. thesmokingman

    thesmokingman [H]ardness Supreme

    Messages:
    4,838
    Joined:
    Nov 22, 2008
  21. thesmokingman

    thesmokingman [H]ardness Supreme

    Messages:
    4,838
    Joined:
    Nov 22, 2008
    Lmao, apparently their videos are all green screened from readily available stocks as shown on reddit.

     
  22. bigdogchris

    bigdogchris Wii was a Novelty

    Messages:
    17,345
    Joined:
    Feb 19, 2008
    I wonder who at Intel paid for this?

    In other news, I wonder what exploits are available on Intel CPUs when you have admin rights?

    Disclaimer: I only use Intel CPUs.
     
    Chupachup, Jyp_Ster, Aioeyu and 2 others like this.
  23. Imhotep

    Imhotep Gawd

    Messages:
    569
    Joined:
    Feb 12, 2014
    No one with 3 bits of knowledge reads PC World. I wonder if these clowns were serious. If they are, then they need to stop smoking whatever it is they are on...lol
     
    Master_shake_ likes this.
  24. thesmokingman

    thesmokingman [H]ardness Supreme

    Messages:
    4,838
    Joined:
    Nov 22, 2008
    It's getting real in here... from TR.

    https://techreport.com/news/33368/s...of-ryzen-epyc-and-amd-chipset-vulnerabilities
     
  25. griff30

    griff30 I Lower the Boom!

    Messages:
    8,555
    Joined:
    Jul 15, 2000
    Local access required to run the code.

    So is your wife really "cheating" on you, if you paid someone to screw her and drugged your wife?

    Yeah that's a real "exploit" alright.

    Thanks Intel(cucks). I am DEFINITELY buying AMD this time around.
     
    Master_shake_ and rgMekanic like this.
  26. pcgeekesq

    pcgeekesq Gawd

    Messages:
    789
    Joined:
    Apr 23, 2012
    Still betting this is AMD short-sellers trying to manipulate the market, not Intel.
    AMD stock is still up on the day (though less so than earlier)
     
    TurboGLH, griff30 and Kyle_Bennett like this.
  27. thesmokingman

    thesmokingman [H]ardness Supreme

    Messages:
    4,838
    Joined:
    Nov 22, 2008
    Yea, check post 65.

    Viceroy is short selling on crack cocaine!
     
  28. ole-m

    ole-m Limp Gawd

    Messages:
    310
    Joined:
    Oct 5, 2015
    Anything executing is local if you wanna put it like that.
    If you have an SQL injection it executes locally so it's a local exploit as well.
    JavaScript can be called in numerous ways, on an Amazon shared VM server to gain access to other machines and get outside the sandbox, none of these issues can
     
  29. thesmokingman

    thesmokingman [H]ardness Supreme

    Messages:
    4,838
    Joined:
    Nov 22, 2008
  30. thesmokingman

    thesmokingman [H]ardness Supreme

    Messages:
    4,838
    Joined:
    Nov 22, 2008
    Apparently CTS is paying for news?

     
  31. alamox

    alamox Limp Gawd

    Messages:
    381
    Joined:
    Jun 6, 2014
    Intel most immoral company + Israel most immoral country = a match made in heaven.
    The research lab is probably so young and so small that it wouldn't be worth suing for defamation.
    AMD can't do anything but watch Intel hiring thugs to slander them.
     
    N4CR likes this.
  32. Mega6

    Mega6 Gawd

    Messages:
    577
    Joined:
    Aug 13, 2017
    Wired has a good article on this - Overblown to say the least.

    "four attacks require administrative privileges means that to execute them, a hacker would already need extraordinary access to a device—and could presumably already create all kind of havoc even without Ryzenfall, Masterkey, Fallout, or Chimera."

    https://www.wired.com/story/amd-backdoor-cts-labs-backlash/
     
    Darth Kyrie likes this.
  33. Bigdady92

    Bigdady92 [H]ardness Supreme

    Messages:
    5,635
    Joined:
    Jun 20, 2001
    All AMD has to do is claim registered trademark of their brand and contact GoDaddy to take down the domain as using a registered company name in ANYTHING without permission is a big no-no.

    This will take AMD lawyers 10min and 2 phone calls to accomplish.
     
  34. thesmokingman

    thesmokingman [H]ardness Supreme

    Messages:
    4,838
    Joined:
    Nov 22, 2008

    I wonder if WIRED knew that CTS Labs paid Guido of Trail of Bits...?

     
  35. DukenukemX

    DukenukemX 2[H]4U

    Messages:
    3,613
    Joined:
    Jan 30, 2005
    It smells of Intel.

     
    the901, OrangeKhrush, Reimu and 5 others like this.
  36. EVIL-SCOTSMAN

    EVIL-SCOTSMAN [H]ardness Supreme

    Messages:
    4,804
    Joined:
    Feb 28, 2006
    I am positive the release of these exploits was done by a person who wears a pair of beats, by dre.
     
    griff30 likes this.
  37. SighTurtle

    SighTurtle [H]ard|Gawd

    Messages:
    1,295
    Joined:
    Jul 29, 2016
    https://motherboard.vice.com/en_us/...ssor-ryzen-epyc-vulnerabilities-and-backdoors

    tldr: The bugs are real (at least according to the 3rd party CTS paid for confirmation), but the way everything was presented and done is sketchy as hell to say the least. (24 hr disclosure, the report from a stock company saying AMD is worth nothing, and a website describing the bugs in an outrageous manner) I'm calling it an overhyped problem, probably designed to make AMD look bad or do some other shady stock market stuff.
     
  38. thesmokingman

    thesmokingman [H]ardness Supreme

    Messages:
    4,838
    Joined:
    Nov 22, 2008
    Your link is basically a paid advert, i.e. the guy that got paid wrote that.
     
  39. Bigdady92

    Bigdady92 [H]ardness Supreme

    Messages:
    5,635
    Joined:
    Jun 20, 2001
    I love that line "Each one works as described". Well no shit it does, chief. You have admin rights, you have malware loaded into the BIOS, and the only thing you are missing is the user's PIN to their debit card to destroy their world.
     