AMD investigating major security flaws in Ryzen chips

The CTS Labs security advisory states that the security firm's researchers have discovered "multiple critical security vulnerabilities" and "exploitable manufacturer backdoors" in AMD's latest EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile lines of processors.

Four vulnerabilities affect the aforementioned AMD processors: Ryzenfall, Masterkey, Fallout, and Chimera.

To get there, an attacker needs administrator access, either directly or remotely, in order to flash a computer's motherboard BIOS.

With an infection at the secure boot level, the Masterkey threat allows attackers to take control of the programs allowed to run during a computer's startup, as well as to disable other security features on the Secure Processor.

Masterkey, according to CTS-Labs, allows the injection of persistent malware into the Secure Processor, among other attacks.

Which are the affected AMD CPUs?

However, these chips are used in data centres and the vulnerability effectively breaks the virtualised segregation of network credentials from other parts of a server's memory by allowing protected memory areas to be read and written to.

"The chipset links the CPU to USB, SATA, and PCI-E devices". Because Wi-Fi, network and Bluetooth traffic flows through the chipset, an attacker could use that to infect your device, the researchers said. "An attacker could leverage the chipset's middleman position to launch sophisticated attacks", they said.

Some have noted that the flaws discovered by CTS Labs require administrative privileges to execute, which means that attackers would need considerable access to the target system to exploit them, and that they are less of a threat than Spectre or Meltdown. "This kind of attack has been demonstrated".

This had raised suspicions that CTS Labs may have a commercial motive for disclosing the AMD vulnerabilities so soon after notifying the chip maker. Standard practice in the industry is to give 90 days' notice prior to publicly announcing a vulnerability. It's also worth noting that AMD has been made aware of the issues, as have U.S. regulators and "select security companies" that could help mitigate the fallout.

"At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise", AMD's statement said.

AMD followed up its initial statement with a blog post confirming that the chip maker is investigating and analysing the CTS Labs findings.

Investment firm Viceroy Research published a 25-page report on the issues after the company said it was anonymously emailed a copy of CTS' findings on Monday afternoon.

Third-party researchers said the flaws are genuine, with New York-based Trail of Bits saying it had verified CTS' findings under an arrangement for which Reuters reports CTS paid $16,000 (£11,500).

"These vulnerabilities could expose AMD customers to industrial espionage that is virtually undetectable by most security solutions", the researchers said.
