# 8 Months on, AMD's catastrophic RYZEN hardware PSP vulnerabilities left unpatched.



## rugabunda (Nov 13, 2018)

AMD deleted the following from Reddit; immediately after, Reddit blocked my ability to log in. It's called the Talpiot Program. "Tribal chutzpa."

It's been 8 months since Mark Papermaster, Senior Vice President and Chief Technology Officer at AMD, acknowledged hardware-level RYZENFALL, FALLOUT, CHIMERA, MASTERKEY vulnerabilities, originally exploited by Israel's CTS. AMD's Senior Vice President promised "AMD will provide additional updates on both our analysis of these issues and the related mitigation plans in the coming weeks." Well, it's been 8 months and they opted for a total blackout; 8 months and the greatest chipset-level vulnerabilities in AMD's history are apparently spreading freely and openly around the globe. It appears AMD doesn't have any concern for their customers' safety, be it corporate, business, or power users. Such a vulnerability is catastrophic and could result in untold fraud, theft, espionage, you name it. Snowden warned AMD and asked them to open-source PSP for this very reason. They didn't listen:










Read AMD's own public statement and report on these verified vulnerabilities: https://community.amd.com/community...amd-technical-assessment-of-cts-labs-research

There is nothing else to be found on their community forum anywhere.

Problem Description & Method of Exploitation: "Attacker who already has compromised the security of a system updates flash to corrupt its contents. AMD Secure Processor (PSP) checks do not detect the corruption."

Bear in mind:

“In a recent survey it was reported that 90 percent of all businesses suffered some sort of computer hack over the past 12 months and 77 percent of these companies felt that they were successfully attacked several times over the same period of time.”
https://stellarbluetechnologies.com/2015/08/4-scary-hacking-statistics/

A 10 year old could pull this off.

Evidence Suggests Report on AMD Security Was Financially Motivated
https://wccftech.com/report-alleges-amd-ryzen-epyc-cpus-suffer-13-fatal-security-flaws/

These are hardware-level exploits that remain persistent after Windows reinstall, format etc.


----------



## jboydgolfer (Nov 13, 2018)

Oh boy, you're going to find out (like I did), that any type of negative comment towards AMD (truthful or not) is like insulting the pope inside of a church.

Get ready.... I can already hear the feverish typing of keyboards as I type this.....


----------



## Bones (Nov 13, 2018)

Clackity-Clackity-Clackity-Clackity-Clackity-Clackity-Clackity-Clackity-Clackity-Clackity-.........

You've just stirred up a huge nest of mechanical keyboards........ And they ain't happy.


----------



## rugabunda (Nov 13, 2018)

Do police, intelligence, banking institutions, international corporations know about this before they buy these chips? If Israelis can do this, any child could. Tens, hundreds of millions of people will not be happy when they realize AMD's chipsets resulted in the losses of billions of dollars, or worse. At least Intel actually made their vulnerabilities front page news, and initiated steps to mitigate against Intel_ME exploits. How stupid can these people be? Please prove me wrong. This is going to blow up in their faces.


----------



## John Naylor (Nov 13, 2018)

I can't think of a reason to care ... since the 1st of these stories was written for both Intel and AMD's chips, I still haven't found the sad story where someone suffered any inconvenience as a result of any of these. Vulnerabilities which require me to do 6 stoopid things and a hacker 10 really smart things after seeking me out don't really put fear in my heart.


----------



## DeathtoGnomes (Nov 13, 2018)

Oh geez here we go again.

5 bucks if you can name the people that own and run CTS. Then I'll show you a hedge fund manager looking to manipulate AMD stock.

Doesn't make what they found any less true tho.


----------



## eidairaman1 (Nov 13, 2018)

rugabunda said:


> Do police, intelligence, banking institutions, international corporations know about this before they buy these chips? If Israelis can do this, any child could. Tens, hundreds of millions of people will not be happy when they realize AMD's chipsets resulted in the losses of billions of dollars, or worse. At least Intel actually made their vulnerabilities front page news, and initiated steps to mitigate against Intel_ME exploits. How stupid can these people be? Please prove me wrong. This is going to blow up in their faces.


Intel hid their vulnerabilities for over a decade.


----------



## R-T-B (Nov 13, 2018)

I thought the majority of these were patched via BIOS updates?  There certainly were PSP firmware updates issued.

Can anyone more knowledgeable on the AMD side confirm or deny?  AFAIK last I heard the vast majority of these were patched, or on their way to being patched.



rugabunda said:


> A 10 year old could pull this off.



If a 10 year old has local access, maybe.  It's not really that trivial.


----------



## DeathtoGnomes (Nov 13, 2018)

A second look at this post makes me think, it's a PR stunt. FUD?


----------



## Jism (Nov 13, 2018)

I believe that AMD was not open-sourcing their PSP because it probably contains technology that has patents or something. But they actually released certain CPU microcode updates which prevent such exploits. Now I am missing in any of your posts if these were covered or not.


----------



## R-T-B (Nov 13, 2018)

DeathtoGnomes said:


> A second look at this post makes me think, it's a PR stunt. FUD?



This user was PMing me and my client while we were dealing with the nasty UEFI malware. I'd categorize him more as a very... I don't know the diplomatic term so I'm just going to say "worrywart."

I don't think this is a legit issue.


----------



## DeathtoGnomes (Nov 13, 2018)

R-T-B said:


> I thought the majority of these were patched via BIOS updates?  There certainly were PSP firmware updates issued.
> 
> Can anyone more knowledgeable on the AMD side confirm or deny?  AFAIK last I heard the vast majority of these were patched, or on their way to being patched.
> 
> ...


Admin access I think it was


----------



## R-T-B (Nov 13, 2018)

DeathtoGnomes said:


> Admin access I think it was



Well, give me any modern Windows box with a local console and privilege escalation is only a matter of time. But yeah.


----------



## rugabunda (Nov 13, 2018)

I created a thread over at AMD: https://community.amd.com/message/2885604


----------



## TheoneandonlyMrK (Nov 13, 2018)

rugabunda said:


> Do police, intelligence, banking institutions, international corporations know about this before they buy these chips? If Israelis can do this, any child could. Tens, hundreds of millions of people will not be happy when they realize AMD's chipsets resulted in the losses of billions of dollars, or worse. At least Intel actually made their vulnerabilities front page news, and initiated steps to mitigate against Intel_ME exploits. How stupid can these people be? Please prove me wrong. This is going to blow up in their faces.


What have CTS been up to since?


----------



## rugabunda (Nov 13, 2018)

Jism said:


> I believe that AMD was not open-sourcing their PSP because it probably contains technology that has patents or something. But they actually released certain CPU microcode updates which prevent such exploits. Now I am missing in any of your posts if these were covered or not.



Perhaps; they could, at the very least, release a patch for users who want to shut down PSP after boot, reducing surface attack vectors. They suggested their CEOs were looking into just that, or open-sourcing it to libreboot. I'll see if I can find that source. They claimed they would go into more detail in the coming weeks with the mitigations; that was 8 months ago, and there is not so much as a peep anywhere. If you can find sources on that, please share them here. And yes, this is serious stuff.



https://www.reddit.com/r/linux/comments/5xvn4i


----------



## Melvis (Nov 13, 2018)

What the heck has this come up again for? It was FUD back then and it's FUD now, so who cares? The so-called issues were so minor and retarded that you would literally have needed to be at the PC to do any possible harm to it, and it required a flashing of the BIOS from memory? In other words, not going to happen unless you're James Bond.


----------



## Divide Overflow (Nov 13, 2018)

It's a new member FUD frenzy!


----------



## R-T-B (Nov 13, 2018)

Divide Overflow said:


> It's a new member FUD frenzy!



He's not new.

Not really anything to worry about either though.


----------



## rugabunda (Nov 13, 2018)

The Reddit thread was re-opened here: https://www.reddit.com/r/Amd/comments/9wjhi8

OK, here it is finally... well, that's a good start, but until PSP can be secured permanently by disabling it post boot, or making it open source, it will likely be a continual cat and mouse game...
https://www.tomshardware.com/news/amd-vulnerability-patches-ecosystem-partners,36993.html

Within approximately 30 days of being notified by CTS Labs, AMD released patches to our ecosystem partners mitigating all of the CTS identified vulnerabilities on our EPYC™ platform as well as patches mitigating Chimera across all AMD platforms. These patches are in final testing with our ecosystem partners in advance of being released publicly.  We remain on track to begin releasing patches to our ecosystem partners for the other products identified in the report this month.  We expect these patches to be released publicly as our ecosystem partners complete their validation work.


----------



## GoldenX (Nov 13, 2018)

My motherboard lets me do a partial shut down of PSP, that plus the BIOS patches should be enough.


----------



## btarunr (Nov 13, 2018)

theoneandonlymrk said:


> What have CTS been up to since?



Coughing up ungodly amounts of money on interest payments for their shorting positions, if they haven't shorted for scraps already.

I'm closing this thread for flamebait. Feel free to necromance the newspost discussions.


----------

