Researchers from the CTS-Labs company claim to have found 13 vulnerabilities that affect processors of the AMD Ryzen (desktop) and AMD EPYC families (servers).
These vulnerabilities could be exploited by potential attackers to install malware in theoretically safe parts of these processors that would give full access to all the data (privileged or not) of the machines in which they are installed.
Ryzenfall, Masterkey, Fallout and Chimera
In CNET highlights how this security company based in Israel took only 24 hours to AMD to check the validity of vulnerabilities before publishing his study.
According to CTS-Labs, the 13 discovered vulnerabilities have been divided into four groups that affect AMD’s desktop processors (Ryzen and Ryzen Workstation) and server processors (EPYC and EPYC PRO).
In all of them, explain these researchers, access is achieved to the AMD Secure Processor, a protected part of the processor in which we find privileged data to which both developers and potential attackers never have direct access.
The four groups of vulnerabilities are the following:
- Ryzenfall: affects Ryzen processors and allows the malware that takes advantage of it to take control of the processor, including protected data such as encryption keys or passwords. Normally an attacker does not have access to these regions of memory, but this vulnerability would allow access to this. An attack of this type would allow a cyber-attacker to overcome the Windows Defender Credential Guard system, for example.
- Masterkey: affects both the Ryzen and the EPYC, and allows a cyber-attacker to install persistent malware and even overcome the protection of mechanisms such as Secure Encrypted Virtualization (SEV) and the Trusted Platform Module (TPM) firmware of these processors. This vulnerability is able to install malware in the BIOS of these systems, thus controlling the start of operating systems installed on the affected machines.
- Fallout: in this case the affected processors are the EPYC, and with this vulnerability a cyber attacker could access and steal the credentials that are spread throughout a network. Normally these are stored in a segregated virtual machine, explained the CEO of CTS-Labs, Ido Li On, but with this problem that segregation that protects those credentials is broken.
- Chimera: this problem actually comes from two, one in the firmware and the other in the hardware of AMD processors. Exploiting these vulnerabilities, keyloggers and other types of malware could be installed both in the victim’s operating system and in the processor itself.
What do I do if I have one of these processors?
At the moment users can not do anything to correct the problem, and CTS-Labs ensure that anyone who uses these microphones will be affected by the vulnerabilities.
The people in charge of CTS-Labs explain that these problems could take months to be solved , and that hardware vulnerabilities like Chimera could have no direct solution.
There is no additional information about the affected operating systems, but CTS-Labs has contacted AMD and Microsoft to share this information. There are no details at the moment from AMD that confirm that the vulnerabilities exist and what risks they imply, so that everything we know comes from the report released by the Israeli company.
An AMD spokesperson explained after receiving the report how “At AMD, security is a key priority and we work continuously to ensure the safety of our users as new risks arise.” We are investigating this report, which we have just received, to understand the methodology and the consequences of these discoveries.”
Continue Reading: What graphics card to buy for a PC Gaming 2018?
Remembering Meltdown and Specter
The vulnerabilities for these AMD processors appear after the disaster that we experienced recently with Meltdown and Specter, the serious security failures that affected both x86 processors of Intel and AMD as well as ARM processors.
In AMD they said then that only part of those problems affected their microphones, and they, Intel, Microsoft and other software and hardware companies have been releasing patches.
These patches help to minimize the potential damage of a problem that could be the cause of serious security attacks in the medium and long term. Intel is already working on immune processors to Meltdown and Specter, but that has not freed her from lawsuits related to these issues.
Now it remains to be seen if the security implications are as terrible as those that appeared with Meltdown and Specter, and if so we will have to wait for how AMD acts to solve these security problems and the collateral effects that derive from them.
Doubts and suspicions about the report
The discovery of such vulnerabilities could be really serious, but the truth is that everything that surrounds this investigation and the published report raises some doubts.
To begin with, the company responsible for the report, CTS-Labs, which according to the information on its official website was founded in 2017. An official website that, by the way, does not support HTTPS, something that hits especially in a company dedicated to cybersecurity. To this are added the assertions that there may be financial interests in this type of publications:
Although we believe in good faith in our analysis and believe that it is objective and impartial, you are warned that we may have, directly or indirectly, an economic interest in the performance of the values of the companies whose products are the subject of our reports.
The fact of clearly indicating that they only gave AMD 24 hours to investigate those vulnerabilities before making the report public is also suspect.
The usual norm, recalled in the CNET article, establishes a period of 90 days for a “responsible disclosure” by security companies that want to make vulnerabilities public they find. That allows companies whose products are affected to try to react and stop the problem before the details about it spread.
In some discussion forums such as Reddit or Hacker News, several comments point to the fact that the economic interest they recognized in CTS-Labs could actually be the only motivation for the company’s way of acting. The manipulation of the price of the shares, some argue, could be the reason for this way of acting on the part of CTS-Labs.
The impact and severity of the failures is also unclear, and information about these problems is not supported by CVE reports such as those that did appear for the Meltdown and Specter vulnerabilities. All this does not mean that the problems do not exist, but of course the way of acting of CTS-Labs is certainly debatable and, to a certain extent, suspicious. We will be attentive to the news and comments that AMD can make on the matter in the coming hours.