neufuse Veteran Posted March 13, 2018 Veteran Share Posted March 13, 2018 AMD has a Spectre/Meltdown-like security flaw of its own Researchers find 13 vulnerabilities in AMD’s Ryzen and EPYC chips, which could let attackers install malware on highly guarded portions of the processor. Researchers have discovered critical security flaws in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices. Particularly worrisome is the fact that the vulnerabilities lie in the so-called secure part of the processors -- typically where your device stores sensitive data like passwords and encryption keys. It's also where your processor makes sure nothing malicious is running when you start your computer. CTS-Labs, a security company based in Israel, announced Tuesday that its researchers had found 13 critical security vulnerabilities that would let attackers access data stored on AMD's Ryzen and EPYC processors, as well as install malware on them. Ryzen chips power desktop and laptop computers, while EPYC processors are found in servers. Continued at source.. Source: https://www.cnet.com/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its-own/ Link to comment Share on other sites More sharing options...
Andre S. Veteran Posted March 14, 2018 Veteran Share Posted March 14, 2018 I'm not buying any CPU until AMD and Intel fully sort this out. Not with software patches, at the hardware level. goretsky 1 Share Link to comment Share on other sites More sharing options...
exotoxic Posted March 14, 2018 Share Posted March 14, 2018 (edited) I wonder which government paid for this... Quote Apparently a backdoor has been implemented that gives any attacker knowing the right passcode full access to the chipset, including arbitrary code execution inside the chipset. ... Your keyboard, mouse, network controllers, wired or wireless, are all connected to the chipset, which opens up various other attack mechanisms like keyloggers (that send off their logs by directly accessing the network controller without the CPU/OS ever knowing about these packets) https://www.techpowerup.com/242328/13-major-vulnerabilities-discovered-in-amd-zen-architecture-including-backdoors Link to comment Share on other sites More sharing options...
Mindovermaster Moderator Posted March 14, 2018 Moderator Share Posted March 14, 2018 Hackers always gunna find a way... Link to comment Share on other sites More sharing options...
Mockingbird Posted March 15, 2018 Share Posted March 15, 2018 (edited) This is nothing like Spectre and Meldown. The flaws require having local administrator privilege. Furthermore, the flaws were greatly exaggerated, and the whole research is funded by Viceroy Research, which is a firm that makes money by shorting stocks. This video pretty much explains it: Article: https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs Circaflex, +Eternal Tempest, trieste and 2 others 5 Share Link to comment Share on other sites More sharing options...
+Eternal Tempest MVC Posted March 15, 2018 MVC Share Posted March 15, 2018 (edited) 41 minutes ago, Mockingbird said: This is nothing like Spectre and Meldown. The flaws require having local administrator privilege. Furthermore, the flaws were greatly exaggerated, and the whole research is funded by Viceroy Research, which is a firm that makes money by shorting stocks. Article: https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs They gave AMD only 24 hours between informing them and going public with the "summary" of the flaws. Not arguing against the potential merit, the actual extent and impacted will be validated / clarified by AMD / non-AMD security researchers but how this was handled feels very unusual. Link to comment Share on other sites More sharing options...
Mockingbird Posted March 15, 2018 Share Posted March 15, 2018 (edited) 14 minutes ago, Eternal Tempest said: They gave AMD only 24 hours between informing them and going public with the "summary" of the flaws. Not arguing against the potential merit, the actual extent will be validated by AMD / non-AMD security researchers but how this was handled. Basically, the whole episode was Viceroy Research's attempt at stock manipulation: short-selling then crashing AMD's stock CTS-Labs is just a shell company. trieste 1 Share Link to comment Share on other sites More sharing options...
Mando Posted March 15, 2018 Share Posted March 15, 2018 17 hours ago, Mockingbird said: This is nothing like Spectre and Meldown. The flaws require having local administrator privilege. Furthermore, the flaws were greatly exaggerated, and the whole research is funded by Viceroy Research, which is a firm that makes money by shorting stocks. This video pretty much explains it: Article: https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs spectre needs elevated privs. so yes it is similar to spectre in that respect. Link to comment Share on other sites More sharing options...
Recommended Posts