Tuesday, March 20th 2018
Initial AMD Technical Assessment of CTS Labs Research
On March 12, 2018, AMD received a communication from CTS Labs regarding research into security vulnerabilities involving some AMD products. Less than 24 hours later, the research firm went public with its findings. Security and protecting users' data is of the utmost importance to us at AMD and we have worked rapidly to assess this security research and develop mitigation plans where needed. This is our first public update on this research, and will cover both our technical assessment of the issues as well as planned mitigation actions.
The security issues identified by the third-party researchers are not related to the AMD "Zen" CPU architecture or the Google Project Zero exploits made public Jan. 3, 2018. Instead, these issues are associated with the firmware managing the embedded security control processor in some of our products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors. As described in more detail above, AMD has rapidly completed its assessment and is in the process of developing and staging the deployment of mitigations. It's important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings.
Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research. Further, all modern operating systems and enterprise-quality hypervisors today have many effective security controls, such as Microsoft Windows Credential Guard in the Windows environment, in place to prevent unauthorized administrative access that would need to be overcome in order to affect these security issues. A useful clarification of the difficulties associated with successfully exploiting these issues can be found in this posting from Trail of Bits, an independent security research firm who were contracted by the third-party researchers to verify their findings.
The security issues identified can be grouped into three major categories. The table above describes the categories, the AMD assessment of impact, and planned actions.
AMD will provide additional updates on both our analysis of these issues and the related mitigation plans in the coming weeks.
98 Comments on Initial AMD Technical Assessment of CTS Labs Research
and with maxwell you need a certificate bypass in nvflash
I flashed dozens of maxwell cards, and modified their Vbios with a hexeditor to get the 2 missing volt-sliders in the maxwellbiostweaker
deleting the shitty VRel-Stuff
www.computerworlduk.com/security/security-backdoors-that-heped-kill-faith-in-security-3634220/
www.wired.co.uk/article/huawei-nsa-nightmare
How is this not a bigger deal?
qz.com/1192493/china-spied-on-african-union-headquarters-for-five-years/ It is. The big three have issued warnings on the case.
money.cnn.com/2018/02/14/technology/huawei-intelligence-chiefs/index.html
But after the Kaspersky fiasco, I doubt they could go into full ban mode without first stocking the FUD flames. The bitter taste of PRISM revelations still lingers as well.
en.m.wikipedia.org/wiki/The_Thing_(listening_device)
www.nytimes.com/1988/11/15/world/the-bugged-embassy-case-what-went-wrong.html
If I remember correctly one of the reasons why NSA kept quiet over Huawei backdoors was they used it to spy over other countries which were using Huawei routers on their network. Snowden was the one who brought it to light and it's one of the reasons why he had to flee USA.
this answer to all ; only the masterkey attack could remain permanent but can be fixed through bios update
looking forward to see the next cts report for other hardware also .....
Nothing to see here folks. No, literally nothing to see here. Move on.
You proclaiming that it is any less serious than it actually is borders on the deranged and is nothing less than reckless and irresponsible.
Only gpu.. wait, Only hardware I haven't been able to flash custom stuff on in my possession over the years is the vega. So where is their finding on Intel, IBM, Samsung, Apple ?
it's all in the same ballpark.
Again, as pointed out multiple times by multiple contributors, if these conditions are met they allow for anyone to do almost anything within such environment anyway.
AMD confirms all reported vulnerabilities
AMD sees the vulnerabilities as somewhat substantial and will release updates to patch the vulnerabilities
AMD does not expect any performance decreases (TBD)
AMD needs to improve the efficiency of PR
CTS Labs research was validated
CTS Labs needs to learn and execute best practices and better ethics
End of story for now.
....just looked down, both my hands are pud free... ;)
People are still defending it too...?
Let me repeat it again:
- need to be first capable to connect to a targeted system
- remote system needs to be admin enabled during interaction
- you have to know which board exactly is used in the system to flash it successfully
That's one hell of an "if" factors don't you think? People who think you just open up CMD and type in some gibberish and voila, you're connected like a tr00 hacker need to stop watching movies.
And if you read back my posts, I never said findings are fake. I just said method of publishing it was absolutely retarded and that all the generated drama around it is pointless as severity isn't nearly as high as they make it seem to be. Because of above 3 reasons.
Which is why this whole thing is a lot of drama and nothing else. Sure, AMD needs to fix secondary issues with their Secure Processor part, but that's about it. A security problem like any other found on daily basis no one makes massive drama around.
Privilege escalation exploits are the worst. They give you access to protected system without any admin credentials. Here, it is assumed that you have them by default. That's one hell of an assumption that makes the "exploit" ineffective entirely.
Exploit is when you bypass the mechanisms using unconventional methods. What this here is, is a mere design flaw because you need all the privileges an actual official manager of the system would need to make these changes.
We all understand it isn't a huge deal...but a deal that nonetheless needs to be taken care of as they are doing.
On a side note, I wonder if CTS is going to get any jobs after this debacle of theirs? lol
Edit: I see EarthDog beat me to the punch on this.
It really isn't a big deal many speculated this (many denied there even was an issue), but again, it's a deal that needs to be mitigated none the less.
*shows hands.... pud free*