AMD Security flaw

neufuse    3,245

AMD has a Spectre/Meltdown-like security flaw of its own

 

Researchers find 13 vulnerabilities in AMD’s Ryzen and EPYC chips, which could let attackers install malware on highly guarded portions of the processor.

 

Researchers have discovered critical security flaws in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices.

 

Particularly worrisome is the fact that the vulnerabilities lie in the so-called secure part of the processors -- typically where your device stores sensitive data like passwords and encryption keys. It's also where your processor makes sure nothing malicious is running when you start your computer.

 

CTS-Labs, a security company based in Israel, announced Tuesday that its researchers had found 13 critical security vulnerabilities that would let attackers access data stored on AMD's Ryzen and EPYC processors, as well as install malware on them. Ryzen chips power desktop and laptop computers, while EPYC processors are found in servers.

 

Continued at source..

 

Source: https://www.cnet.com/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its-own/

Andre S.    1,923

I'm not buying any CPU until AMD and Intel fully sort this out. Not with software patches, at the hardware level.

  • Like 1

exotoxic    564
Posted (edited)

I wonder which government paid for this...

 

Quote

Apparently a backdoor has been implemented that gives any attacker knowing the right passcode full access to the chipset, including arbitrary code execution inside the chipset.

 

...

Your keyboard, mouse, network controllers, wired or wireless, are all connected to the chipset, which opens up various other attack mechanisms like keyloggers (that send off their logs by directly accessing the network controller without the CPU/OS ever knowing about these packets)

 

 

https://www.techpowerup.com/242328/13-major-vulnerabilities-discovered-in-amd-zen-architecture-including-backdoors

Mindovermaster    1,429

Hackers always gunna find a way...

Mockingbird    2,368
Posted (edited)

This is nothing like Spectre and Meltdown.

 

The flaws require having local administrator privilege.

 

Furthermore, the flaws were greatly exaggerated, and the whole research is funded by Viceroy Research, which is a firm that makes money by shorting stocks.

 

This video pretty much explains it:

 

 

Article: https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs

  • Like 5

Eternal Tempest    651
Posted (edited)
41 minutes ago, Mockingbird said:

This is nothing like Spectre and Meltdown.

 

The flaws require having local administrator privilege.

 

Furthermore, the flaws were greatly exaggerated, and the whole research is funded by Viceroy Research, which is a firm that makes money by shorting stocks.

 

Article: https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs

They gave AMD only 24 hours between informing them and going public with the "summary" of the flaws.

Not arguing against the potential merit; the actual extent and impact will be validated / clarified by AMD / non-AMD security researchers, but how this was handled feels very unusual.

Mockingbird    2,368
Posted (edited)
14 minutes ago, Eternal Tempest said:

They gave AMD only 24 hours between informing them and going public with the "summary" of the flaws.

Not arguing against the potential merit, the actual extent will be validated by AMD / non-AMD security researchers but how this was handled.

Basically, the whole episode was Viceroy Research's attempt at stock manipulation: short-selling then crashing AMD's stock.

 

CTS-Labs is just a shell company.

  • Like 1

Mando    5,113
17 hours ago, Mockingbird said:

This is nothing like Spectre and Meltdown.

 

The flaws require having local administrator privilege.

 

Furthermore, the flaws were greatly exaggerated, and the whole research is funded by Viceroy Research, which is a firm that makes money by shorting stocks.

 

This video pretty much explains it:

 

 

Article: https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs

Spectre needs elevated privs. So yes, it is similar to Spectre in that respect.
