iTnews

'Critical' firmware and hardware flaws found in AMD chips

By Ry Crozier on Mar 14, 2018 5:48AM
But how severe, and were they responsibly disclosed?

An Israeli security firm says it has discovered 13 "critical" vulnerabilities and "manufacturer backdoors" in AMD processors, but security researchers have cast doubt over the claims.

CTS-Labs today published what it called a “severe security advisory” alleging it had identified serious Meltdown-like vulnerabilities affecting AMD chips.

AMD said in a statement it was "actively investigating and analysing [the] findings".

But already there are doubts being raised about the severity of the alleged flaws, as well as criticism over the way they were disclosed.

Rendition InfoSec founder Jake Williams did not dispute whether the flaws were real but raised concerns via Twitter that “AMD had 24h to respond to the notice before public announcement” by CTS-Labs.

If true, it would break with the usual responsible disclosure protocol of giving companies 90 days' notice to fix flaws before they are made public.

AMD did not say how much notice it had been given, though it alluded to the time being less than standard.

"This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings," the chipmaker said.

"At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise."

Intel, AMD and ARM, by contrast, were given the standard 90 days by Google researchers to address the Meltdown and Spectre flaws that finally surfaced in January. That deadline was pushed out twice to grant more time to find fixes.

CTS-Labs was also criticised in forums for a “legal disclaimer” on its disclosure, which warned that “although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports”.

Swiss-based security researcher Arrigo Triulzi panned the disclosure for its lack of technical detail and the prerequisites required to exploit the alleged vulnerabilities.

Three of the four classes of vulnerability - codenamed Ryzenfall, Fallout and Chimera - require “local-machine elevated administrator privileges” to exploit, the CTS-Labs white paper says.

The other alleged vulnerability, which CTS-Labs calls Masterkey, “requires an attacker to be able to re-flash the BIOS with a specially crafted BIOS update”.

“If you allow unauthorised BIOS updates you are screwed,” Triulzi said, similarly panning the other alleged vulnerabilities.

"These vulnerabilities require admin privileges and are limited to the specified processors," security vendor Ensilo said in an FAQ. 

"Meltdown/Spectre, on the other hand, don’t require admin privileges and exist on almost every Intel/AMD/ARM processor in one form or another, and required massive software patches."

CTS-Labs said it had purposely “redacted ... all technical details that could be used to reproduce the vulnerabilities” but had “shared this information with AMD, Microsoft, and a small number of companies that could produce patches and mitigations”.

It said it did not know when - or if - fixes could actually be produced.

“Firmware vulnerabilities such as Masterkey, Ryzenfall and Fallout take several months to fix,” it said.

“Hardware vulnerabilities such as Chimera cannot be fixed and require a workaround.”
