Tuesday, March 20th 2018

Initial AMD Technical Assessment of CTS Labs Research

Press Release by
btarunr
 Discuss (98 Comments)
On March 12, 2018, AMD received a communication from CTS Labs regarding research into security vulnerabilities involving some AMD products. Less than 24 hours later, the research firm went public with its findings. Security and protecting users' data is of the utmost importance to us at AMD and we have worked rapidly to assess this security research and develop mitigation plans where needed. This is our first public update on this research, and will cover both our technical assessment of the issues as well as planned mitigation actions.

The security issues identified by the third-party researchers are not related to the AMD "Zen" CPU architecture or the Google Project Zero exploits made public Jan. 3, 2018. Instead, these issues are associated with the firmware managing the embedded security control processor in some of our products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.
As described in more detail above, AMD has rapidly completed its assessment and is in the process of developing and staging the deployment of mitigations. It's important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings.

Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research. Further, all modern operating systems and enterprise-quality hypervisors today have many effective security controls, such as Microsoft Windows Credential Guard in the Windows environment, in place to prevent unauthorized administrative access that would need to be overcome in order to affect these security issues. A useful clarification of the difficulties associated with successfully exploiting these issues can be found in this posting from Trail of Bits, an independent security research firm who were contracted by the third-party researchers to verify their findings.

The security issues identified can be grouped into three major categories. The table above describes the categories, the AMD assessment of impact, and planned actions.

AMD will provide additional updates on both our analysis of these issues and the related mitigation plans in the coming weeks.

Related News

Add your own comment

98 Comments on Initial AMD Technical Assessment of CTS Labs Research

#76
EarthDog
My apologies I cannot make it any more clear in my follow up. I can't help you there big guy. What I will not do is waste another second of my time and those who may come across this thread in continuing to defend and make myself clear.
Posted on Reply
#77
thebluebumblebee
btarunrThis raises chances of an NVIDIA nForce revival.
IIRC, Nvidia quit that business.
What's curious to me is what happened to the ATI chipset? Did AMD cut them, with all of the layoffs that they had?
Posted on Reply
#78
ikeke
You say they f-ed up the delivery, I say the delivery was done exactly as it was done just to boost some ulterior motive.

(Viceroy, NineWells & mentions of possible profit due to the "amdflaws" by CTS-Labs)

Every passing day has thusfar only proven this.
Posted on Reply
#79
thesmokingman
EarthDogMy apologies I cannot make it any more clear in my follow up. I can't help you there big guy. What I will not do is waste another second of my time and those who may come across this thread in continuing to defend and make myself clear.
:banghead:
Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports. Any other organizations named in this website have not confirmed the accuracy or determined the adequacy of its contents.
Posted on Reply
#80
DeathtoGnomes
ikekeYou say they f-ed up the delivery, I say the delivery was done exactly as it was done just to boost some ulterior motive.

(Viceroy, NineWells & mentions of possible profit due to the "amdflaws" by CTS-Labs)

Every passing day has thusfar only proven this.
Ivew been saying this but moderators seem to think its a low quality response.
thesmokingman:banghead:
Although we have a good faith belief in our analysis and believe it to be objective and unbiased,
you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports. Any other organizations named in this website have not confirmed the accuracy or determined the adequacy of its contents.
is this the viceroy quote or CTS? Doesnt matter, it spells out exactly why this whole event unfolded as it did, stock manipulation.


I find it odd no one mentioned the fact that the CEO (forgot the name already/unimportant now) of CTS (or is it Viceroy) just happens to be a legit fund manager gambling on AMD stock prices. Anyone who watched the video from GN would know that and stop arguing about why they did it as they did it.
Posted on Reply
#82
laszlo
my last post related to this matter

i think there are hundreds of "flaws" hard&soft from which we're not aware at every manufactures $soft developer

there are&will be smart people who understand how things works and can bypass any security without anyone's knowledge; for some is a question of prestige for other easy money

we'll be never safe unless we disconnect the internet; this not an option so we'll have to take risks and act accordingly to the infos we have and try to protect us as we can..

i understand cts and i don't blame them for releasing these infos because:
-there aren't any mandatory written regulation on how to proceed in matters like this; "general rules" or "gentleman's agreement" mean nothing
-they made money in every possible variant; being paid to do this research; selling the infos in advance for stock manipulation ... and who know maybe they sold the masterkey code already and nobody know ...
-self promotion as nobody heard of them

the only thing i don't like..they seems to have close connections with the israeli nsa equivalent so who knows what is their real goal....

"Good morning, and in case I don't see ya, good afternoon, good evening, and good night! " :)
Posted on Reply
#83
dyonoctis
CTS-labs calls bullshit on AMD claims :
safefirmware.com/CTS+comments+on+AMD+response+to+vulnerabilities.pdf
We believe AMD is attempting to downplay the significance of the vulnerabilities

Our view is AMD’s suggested timeline for its patches roll out is drastically optimistic we believe a number of the fixes are likely to take months, not weeks.


Regardless of views on how we communicated the information, the fact remains that this further raises a red flag about the overall state of affairs in AMD Product Security
Posted on Reply
#85
EarthDog
dyonoctisCTS-labs calls bullshit on AMD claims :
safefirmware.com/CTS+comments+on+AMD+response+to+vulnerabilities.pdf
Sweet jebus, they are all in, aren't they? o_O

I should put links in my sig to things i need to refer back to in 'weeks' to see what happened.... :p. This is either going to validate the message (not the delivery or motives), or officially hang CTS, who by all accounts, has a noose already there. Some have have already kicked the chair out, others are waiting for a last minute stay of execution.
Posted on Reply
#86
lexluthermiester
HTCNot directed @ you specifically but, in light of what's currently known about CTS-Labs, i call bullshit on this claim.
After looking through more of the data available, I'm inclined to agree with CTS. AMD did side-step one of the real problems. The option to disable the PSP is the best solution for some of those vulnerabilities. IMHO, it was a mistake to include a not-so-secret piece of hardware completely beyond user control. And before anyone calls me an Intel fanboy, I have the same conclusion over Intel's version of same. The difference being that most system bios' allow for disabling of it in one way or another and if not, simply not installing the drivers/software package solves the problem. With AMD's PSP there are no such options and it is open for attack and exploitation.
Posted on Reply
#87
R-T-B
lexluthermiesterThe difference being that most system bios' allow for disabling of it in one way or another and if not, simply not installing the drivers/software package solves the problem.
Most bios? How about none. Disabling the ME is some hardcore hackery that requires modded firmware.

Not installing the drivers does not shield you on either side, you just make the OS even less aware of what the ME/PSP is doing.
Posted on Reply
#88
lexluthermiester
R-T-BMost bios? How about none. Disabling the ME is some hardcore hackery that requires modded firmware.

Not installing the drivers does not shield you on either side, you just make the OS even less aware of what the ME/PSP is doing.
I was talking only of Intel's ME. And yes it can be disabled.
Posted on Reply
#89
R-T-B
lexluthermiesterI was talking only of Intel's ME. And yes it can be disabled.
It can, but it's not a simple bios setting. Google fought long and hard to develop hacked firmware to disable it for their servers because no intel products with a disable option exist.

This was in the news not too long ago. It's also never truly completely disabled, only more neutered. Some reading:

hothardware.com/news/researchers-figured-out-how-to-turn-off-intel-management-engine-11-thanks-to-nsa
Posted on Reply
#90
lexluthermiester
R-T-BIt can, but it's not a simple bios setting. Google fought long and hard to develop hacked firmware to disable it for their servers because no intel products with a disable option exist.

This was in the news not too long ago. It's also never truly completely disabled, only more neutered. Some reading:

hothardware.com/news/researchers-figured-out-how-to-turn-off-intel-management-engine-11-thanks-to-nsa
Ah, I see your point. Perhaps then I should restate. In this example "disabled" was meant inaccessible, null and/or unusable. There are bios options in all affected Intel based bios/uefi settings where disabling all virtualization options and management engine associated settings, including the built in LAN. Then by using a USB based, non-Intel chipset based LAN/WIFI adapter as well as not installing or provisioning the AMT, Intel ME is effectively disabled because it is unable to function outside the boot sequence and can not be accessed remotely.
Posted on Reply
#91
Vya Domus
dyonoctisCTS-labs calls bullshit on AMD claims :
safefirmware.com/CTS+comments+on+AMD+response+to+vulnerabilities.pdf
Regardless of views on how we communicated the information, the fact remains that this further raises a red flag about the overall state of affairs in AMD Product Security.
I find it hilarious how they mentioned that without actually addressing those concerns but then they go on to say that the "red flag" is actually at AMD. What a poor attempt to shift the focus away from them.
Finally, and perhaps most concerning of all, is the fact that six security researchers, albeit highly experienced, managed to identify 13 distinct security vulnerabilities in the flagship products of an $11B company with comparably infinite budget for security, and over a period of only six months.
It's not concerning , it's actually suspicious as fuck how a security firm out of nowhere managed to do that in such a short amount of time without major help from some other big company who would've had the required resources. Again , they are trying to avoid addressing that.
Posted on Reply
#92
Prince Valiant
EarthDogSweet jebus, they are all in, aren't they? o_O

I should put links in my sig to things i need to refer back to in 'weeks' to see what happened.... :p. This is either going to validate the message (not the delivery or motives), or officially hang CTS, who by all accounts, has a noose already there. Some have have already kicked the chair out, others are waiting for a last minute stay of execution.
If they haven't already hung themselves with the rest of the industry I'd be shocked. Even if they're right about the fix times you don't follow up an attempt at crapping on a company with another attempt at crapping on the company. How is it that things have progressed from impossible to fix to months?
Posted on Reply
#93
EarthDog
Like I said, they seem to be all in, LOL!
Posted on Reply
#94
RejZoR
CTS is just a remaining "fragrance" of a fart someone left behind. Move on everyone, nothing to see here. CTS has shown multiple times they are bunch of annoying imbeciles crawing for attention or money. Or both. When someone gives company 24 hours to respond and then has the nerve to continue calling them names, who will ever take them seriously? I know I wouldn't. CTS labs, be gone you thot.
Posted on Reply
#95
AlwaysHope
These "bugs" are merely spyware for the CCP to keep western consumers under surveillance.
Posted on Reply
#96
DeathtoGnomes
AlwaysHopeThese "bugs" are merely spyware for the CCP to keep western consumers under surveillance.
raising the dead?
Posted on Reply
#97
Caring1
AlwaysHopeThese "bugs" are merely spyware for the CCP to keep western consumers under surveillance.
I hope that was said tongue in cheek.
Pretty sure China isn't the only one doing that.
Posted on Reply
#98
AlwaysHope
Caring1I hope that was said tongue in cheek.
Pretty sure China isn't the only one doing that.
The cold war never went away, it morphed into version 2.0
Posted on Reply
Add your own comment
Jan 17th, 2025 21:49 EST change timezone

Latest GPU Drivers

New Forum Posts

Popular Reviews

Controversial News Posts