AMD Responds To CTS Labs Vulnerability Claims

Discussion in '[H]ard|OCP Front Page News' started by rgMekanic, Mar 20, 2018.

  1. rgMekanic

    rgMekanic [H]ard|News Staff Member

    Messages:
    5,077
    Joined:
    May 13, 2013
    Last week we wrote about possible AMD security flaws that were announced by CTS Labs. Today, AMD has released their assessment of CTS Labs' claims in a community post. AMD makes it clear that the issues identified by CTS Labs have nothing to do with Meltdown and Spectre, but are associated with the firmware that manages the AMD Secure Processor, as well as the chipset used in some AM4 and TR4 motherboards.

    AMD notes that all issues raised in the CTS Labs report require administrative access to the machine in order to implement, meaning before any of these exploits could be used, an attacker would already have full control of the system and can essentially do whatever they want. Despite this, AMD is releasing a firmware patch that will be available via BIOS update, and will not have any expected impact on system performance to address the issues. An article on PCPer goes into more depth.

    In addition, CTS Labs has posted a video on YouTube showing a proof-of-concept for the Masterkey-1 exploit. In the video, CTS Labs shows them installing a modified BIOS for a TYAN motherboard which makes the screen flicker during boot.

    The integrity of CTS Labs has come into question, since they published the vulnerabilities last week, to where even Linus Torvalds spoke about it in his signature style. I find it interesting that CTS Labs has decided to disable comments and hide the like/dislike ratio for the video above. And I find it impressive that AMD is going to release a patch for this, despite the fact the attacker must already have full access to the machine, as well as know what motherboard it is using in order to write a custom BIOS. Still seems quite shady to me.
     
  2. bugleyman

    bugleyman [H]ard|Gawd

    Messages:
    1,160
    Joined:
    Oct 27, 2010
    Owning a system that you already own. Impressive "exploit."

    In other news, locks are flawed because people already inside your house can steal stuff.
     
  3. darrpara

    darrpara Gawd

    Messages:
    617
    Joined:
    Apr 26, 2011
    It is even worse than that. This is like saying locks are flawed if you have the key to get in because once you get in you can open the door from the inside without a key.
     
  4. Axehandler

    Axehandler Gawd

    Messages:
    601
    Joined:
    Dec 19, 2007
    Kinda like showing you how a lock works then complaining that there is a security issue...
     
    lostin3d likes this.
  5. ChadD

    ChadD I Love TEXAS

    Messages:
    3,101
    Joined:
    Feb 8, 2016
    If the best exploit you can come up with involves faking a machine's BIOS... which is highly machine specific and dodgy as hell if not impossible to pull off in the real world... but then to top it off you have to have already broken in using some other method first. LMAO is about all you can say.

    Kudos to AMD for saying ok sure we could make this bit of code a bit more secure I guess. Put it on the level of every other non News grabbing bug that gets discovered and patched daily. Claiming this crap as some show stopping AMD bug was highly stupid as clearly the guys that found it were smart enough to understand it wasn't really a big deal. Makes you wonder how much they had shorted AMD stock prior.
     
  6. naib

    naib [H]ard|Gawd

    Messages:
    1,058
    Joined:
    Jul 26, 2013
  7. M76

    M76 [H]ardness Supreme

    Messages:
    7,486
    Joined:
    Jun 12, 2012
    We can make your screen flicker during boot, if we already have full access to your machine! Be afraid! Clear case of a straight up smear job, but of the very cheap kind.
    I doubt Intel put them up to this. It's more like "we're friends with Intel so we do this for them". I don't think anyone with the pull required to make this happen is stupid enough to do it at Intel. This only makes them look worse. Complaining about the neighbor's lawn while sitting on a giant landfill themselves.
     
    Darth Kyrie likes this.
  8. viper1152012

    viper1152012 Gawd

    Messages:
    837
    Joined:
    Jun 20, 2012
    Good jorb pointing that out Courageous Terrific Labs, but did you know it's easy to unlock a door when the roof is exploited?

    Kudos to AMD for the meh it's fixed approach. Keep owning them U fine Sirs
     
    Darth Kyrie likes this.
  9. mullet

    mullet [H]ard|Gawd

    Messages:
    1,548
    Joined:
    Aug 19, 2004
    AMD wins my $$$$$$$$$$$$
     
  10. KazeoHin

    KazeoHin [H]ardness Supreme

    Messages:
    7,460
    Joined:
    Sep 7, 2011
    So AMD takes a week to do what CTS thought would take more than 90 days?

    notsurprisedkirk.jpg
     
  11. kju1

    kju1 2[H]4U

    Messages:
    2,589
    Joined:
    Mar 27, 2002
    I find it a little disturbing that you are willing to dismiss a vulnerability even though it requires local access to exploit today. It's still something that should be fixed. Granted it doesn't get the same priority as remote exploits but it's still desirable to patch and close the hole. The risk posture might mean patch later but it will almost never say "patch never".

    I applaud AMD for taking the time to patch this thereby letting their customers make their own risk mitigation decisions.

    EDIT: To be fair that's my take on how I read your statement in context of the post overall. If that's not your intent then the above doesn't necessarily apply ;)
     
  12. PhaseNoise

    PhaseNoise Gawd

    Messages:
    943
    Joined:
    May 11, 2005
    Technically, it is more like people you ever invited into your house or got through the lock could remain invisible in your house forever - even if you sell it and the new owner changes all the locks.
     
    Araxie likes this.
  13. naib

    naib [H]ard|Gawd

    Messages:
    1,058
    Joined:
    Jul 26, 2013
    I took this as AMD laying the beatdown on CTS while they were fresh in everyone's minds... had they released a patch in say 3 months people would have mostly forgotten about CTS. Providing details of the fix so shortly after CTS bullshit press statements re-affirms they are so full of shit
     
    sirmonkey1985 likes this.
  14. WhoMe

    WhoMe Gawd

    Messages:
    737
    Joined:
    Jan 3, 2018
    I'm impressed how fast they responded to this. I doubt many cared about it for obvious reasons, but it's nice of AMD to do something fast just to be on the safe side (and earn some good PR). AMD, I will seriously consider you in my next build (Intel has a lot of work to do in the next few years if they want my money again).
     
  15. TurboGLH

    TurboGLH Limp Gawd

    Messages:
    503
    Joined:
    Dec 19, 2002
    It was smart on their part to get ahead of it. There's a vocal minority, here and elsewhere, that won't stop beating their drums against AMD in any way they can, regardless of how big or small. Better to get info out there and get a fix in the pipeline, especially if the timeline to do so is substantially lower than CTS claimed was likely.
     
  16. pgaster

    pgaster [H]ard|Gawd

    Messages:
    1,284
    Joined:
    May 17, 2008
    Viceroy Research: “We believe AMD is worth $0.00, and will have no choice but to file for Chapter 11 Bankruptcy in order to effectively deal with the repercussions of recent discoveries.”

    When is AMD filing?
    Did the stock hit $0 today?

    Don't tell me these guys were wrong too...
     
  17. Nobu

    Nobu [H]ard|Gawd

    Messages:
    2,027
    Joined:
    Jun 7, 2007
    It shows that they are confident that a fix is possible, and likely won't take long to implement. It also shows how little CTS knows about how firmware and microcode work.
     
  18. Mega6

    Mega6 Gawd

    Messages:
    988
    Joined:
    Aug 13, 2017
    CTS has already won with their Idiocy. Congrats to them, well played Fauxters.
     
  19. Derangel

    Derangel [H]ardForum Junkie

    Messages:
    16,019
    Joined:
    Jan 31, 2008
    Not really. Their goal was to short AMD's stock. AMD's stock was not remotely affected by the news. So CTS and Viceroy failed.
     
  20. Mega6

    Mega6 Gawd

    Messages:
    988
    Joined:
    Aug 13, 2017
    Do you think customers are lining up to do business with the great AMD Hackers? Uneducated customers I would imagine, which appears to be a lot. AMD releasing a patch sort of "vindicates" these CTS guys in the eyes of some.
     
  21. panhead

    panhead Gawd

    Messages:
    892
    Joined:
    Dec 19, 2003
    So, did Viceroy and CTS Labs make the profit they wanted shorting AMD stock? :p
     
  22. Master_shake_

    Master_shake_ Little Bitch

    Messages:
    7,265
    Joined:
    Apr 9, 2012
  23. Brackle

    Brackle Old Timer

    Messages:
    7,288
    Joined:
    Jun 19, 2003
    So basically like everyone said other than a few Shills....A huge big nothingburger.
     
  24. skydriver

    skydriver [H]Lite

    Messages:
    100
    Joined:
    Jan 12, 2015

    I think the "real" story is fake news for profit. That's how I see it, maybe I'm wrong? If that's the case it really shouldn't be a nothing burger.
     
  25. Anarchist4000

    Anarchist4000 [H]ard|Gawd

    Messages:
    1,657
    Joined:
    Jun 10, 2001
    Attempted fake news for profit might be more accurate.
     
  26. thebufenator

    thebufenator Gawd

    Messages:
    987
    Joined:
    Dec 8, 2004
    Quick, ACTIVATE THE BAT SIGNAL!!!!!

    We need the counter point on why Intel is better and AMD still sucks!!
     
    Darth Kyrie and Perilous like this.
  27. Nobu

    Nobu [H]ard|Gawd

    Messages:
    2,027
    Joined:
    Jun 7, 2007
    They're real flaws, so not really "nothing," but also not nearly as serious as they were made out to be, nor as unpatchable.

    They're non-trivial to exploit (require admin/"metal" access), and can be patched easily enough (say, a couple weeks, then a week or two to distribute them). Most users will be patched before they can even become a target, and the ones who might not be will likely have better security measures than the average user admin.
     
    juanrga likes this.
  28. MaZa

    MaZa 2[H]4U

    Messages:
    2,499
    Joined:
    Sep 21, 2008
    I think they will make the firmware update, even though it is completely unnecessary, just to shut the IDF up. Even if this "vulnerability" is ridiculous it still provides some ammunition for Intel fanatics and that may affect potential sales if some poor sod who is buying a new PC happens to believe their ramblings.
     
  29. velusip

    velusip [H]ard|Gawd

    Messages:
    1,360
    Joined:
    Jan 24, 2005
    I don't know what level of short they bought, but AMD's stock has been trending down for a couple of months, and this little fiasco had no effect. I'm assuming it was a relatively small short intended to increase daily volatility and allow some buy-ins during a good time to buy.

    Regardless of the level of urgency, system breaking or general maintenance, it's a legitimate flaw which needs patching.

    Under normal circumstances this would have been handled discreetly and yielded some bug bounty to the researchers. Since they didn't take that route, it's crystal clear they meant to do harm.

    Other than the little fuckwits at CTS Labs and Trail of Bits, business as usual for AMD.
     
    MaZa likes this.
  30. ol1bit

    ol1bit [H]ard|Gawd

    Messages:
    1,210
    Joined:
    Jan 15, 2007
    Kudos to AMD. Smack them back into oblivion!
     
    Darth Kyrie likes this.
  31. naib

    naib [H]ard|Gawd

    Messages:
    1,058
    Joined:
    Jul 26, 2013
    It was a flaw that was known about since Jan 2018... http://seclists.org/fulldisclosure/2018/Jan/12 This then prompted AMD to provide the end-user (Ryzen) means to "disable" the PSP (whether it really does is something different, it did cause a change on my system).
    So the CTS spin is an even bigger nothingburger... they didn't actually find anything that wasn't already known and worked on
     
  32. Shintai

    Shintai [H]ardness Supreme

    Messages:
    5,717
    Joined:
    Jul 1, 2016
    So all flaws confirmed just as Spectre. But they still have to release Spectre patches as far as I know.
     
    juanrga likes this.
  33. ole-m

    ole-m Limp Gawd

    Messages:
    334
    Joined:
    Oct 5, 2015
    The fact that we are mitigating this on Intel systems is also worth noting.
    We're not outright preventing it, but we're making it slightly more difficult but any technical person with Google skills and the hardware in front can easily do it still.
    Or with admin rights on the host operating system on our KabyLake machines.

    It works as intended still.
     
  34. deton8

    deton8 Limp Gawd

    Messages:
    315
    Joined:
    Sep 27, 2007
    I feel like AMD loses by even acknowledging this obvious chicanery, but I guess patching it in record time is the next best thing.

    Hopefully CTS labs made no money so other jokers aren't tempted to try similar schemes.
     
    d8lock likes this.
  35. thebufenator

    thebufenator Gawd

    Messages:
    987
    Joined:
    Dec 8, 2004
    :ROFLMAO::ROFLMAO:

    You and J. Two peas in a pod
     
  36. Todd Walter

    Todd Walter Limp Gawd

    Messages:
    494
    Joined:
    May 10, 2016
    Local *ROOT* access. You are already owned if the attacker has that.
     
    Darth Kyrie and rgMekanic like this.
  37. Nobu

    Nobu [H]ard|Gawd

    Messages:
    2,027
    Joined:
    Jun 7, 2007
    AMD explicitly said that it's not the flaw from January...
     
  38. lostin3d

    lostin3d [H]ard|Gawd

    Messages:
    1,354
    Joined:
    Oct 13, 2016
    Next thing they'll be telling us that P@ssword or 12345678 are major risks to security and it could take years for some people to change. Well. . . .at least there they might be right. Honestly this just seems like a free publicity grab, probably trying to set themselves up to impress some investors.
     
    Darth Kyrie likes this.
  39. naib

    naib [H]ard|Gawd

    Messages:
    1,058
    Joined:
    Jul 26, 2013
    Umm... That's what I wrote. What I linked from January wasn't to do with Spectre (coincidentally made public at the same time) BUT an oversight in AMD's PSP where a custom firmware loaded would provide full access

    This is exactly the same thing and is old news
     
  40. naib

    naib [H]ard|Gawd

    Messages:
    1,058
    Joined:
    Jul 26, 2013
    What? What I linked to has nothing to do with Intel. This is specific to AMD's PSP
     
    juanrga likes this.