
13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors

Again, it's too early to claim such.

If I'd had a perfectly working exploit that bypasses BIOS level and administrator rights, then I'd be the last one reporting that to AMD, and would simply sell it to the highest bidder. Great PR if you've found 13 potential exploits, but the severe ones of these require a modified BIOS and administrator rights.

If I hacked into a server, these exploits would fail me on a user or guest level.
 
Seriously, drop the official business act.
I think the words you're looking for are objectivity and responsibility.
This is a ruse.
That's what a lot of people said about Meltdown and Spectre.
If I hacked into a server, these exploits would fail me on a user or guest level.
You seem to misunderstand how they work. If you exploited an EPYC based server using the Fallout vulnerabilities, user access authority level would be irrelevant as you could easily bypass restrictions using the "Secret Processor" as a platform to launch an attack on the system in question.
 
Yeah, but for exploiting you need a server board that already has some sort of rigged BIOS.
 
Even the names and icons were judiciously chosen to give an impression of failure and doom on AMD

 
I think the words you're looking for are objectivity and responsibility.

That's what a lot of people said about Meltdown and Spectre.

You seem to misunderstand how they work. If you exploited an EPYC based server using the Fallout vulnerabilities, user access authority level would be irrelevant as you could easily bypass restrictions using the "Secret Processor" as a platform to launch an attack on the system in question.

rofl
 
Low quality post by Vya Domus
Ain't that a nice title.

It is quite scary to see just how effective this faux story was on the yet ripe and tender minds of the lovely fanboys.
 
Yeah, but for exploiting you need a server board that already has some sort of rigged BIOS.
True! That is what makes this as scary as it is difficult. For remote execution your chances of success seem next to impossible, but if you have physical access to the system in question...
I hope I am wrong.
Very likely.
Even the names and icons were judiciously chosen to give an impression of failure and doom on AMD
Meltdown and Spectre weren't?
It is quite scary to see just how effective this faux story was on the yet ripe and tender minds of the lovely fanboys.
Come on people, enough with the tin hat crap.
 
The fact that AMD wasn't contacted by said security company seems fishy to me considering even with Spectre and Meltdown that Google made sure to contact all parties involved to validate and begin correcting the problem. Going straight to the press does two things. First of all, it gives AMD no time to craft a solution, which extends the time that the public knows about it before a solution is in place. It also gives those with malicious intent a one-up on it, if they're real vulnerabilities. For whatever reason, this sounds like an attempt to discredit AMD. The rather childish names of these "issues" also make me think that there's no real validity to this.

I wouldn't be surprised if this turns out to be fake or simply a vulnerability by having too much access in the first place.
 
enough with the tin hat crap.

My God, you might just be right.

Though we need quite a few more good looking dedicated sites (*Insert obnoxious Wix ad*) to spread the word with fancy names and dank memes.

Ain't nothing like that picture of the leaning tower of Pisa.
 
Yeah, but for exploiting you need a server board that already has some sort of rigged BIOS.

True! That is what makes this as scary as it is difficult. For remote execution your chances of success seem next to impossible, but if you have physical access to the system in question...

I've been considering that maybe you could bypass getting physical access and stolen credentials. What if you could take advantage of a vulnerability in Microsoft IIS or Apache, for example, that gave you admin or SYSTEM level access, and from there go and install the rigged BIOS or whatever you wanted with the OS still in memory? Then you could erase all trace of what you did at OS level and do your evil things without anyone taking notice, once the machine reboots. If the attack has a very specific target and people behind it were skilled enough, then there could be other ways to get in and it could be easier for them to do so.

However, I agree that it would be really hard to pull off successfully without physical access in most cases.
 
What if you could take advantage of a vulnerability in Microsoft IIS or Apache, for example, that gave you admin or SYSTEM level access, and from there go and install the rigged BIOS or whatever you wanted with the OS still in memory?
Oh, that might work. You'd need to both know about such a vulnerability and be sure it hasn't been patched.
 
It's got to be true, it's on the internet... I read that somewhere....

As always, let's see what comes of it....
 
The fact that AMD wasn't contacted by said security company seems fishy to me considering even with Spectre and Meltdown that Google made sure to contact all parties
But that's the point, this isn't Google. It's a new no-name company trying to make a name for itself and wow the world with its "mad skillz". Whether or not the company's motivations are dubious does not change the seriousness of the information provided nor the practical and responsible research that must go into verifying and fixing vulnerabilities.
 
Apparently some are eating this up and giddily.

You know, if I didn't care about this potential security problem, and this were a "real-life forum", brick and mortar and all that, I'd totally get me some popcorn and enjoy seeing the fights between AMD-fans, Intel-fans, skeptical people, paranoid people and everyone else. From a safe distance, of course. Maybe set a betting pool too :laugh:
 
No address, no land line, 4 persons in Israel set up in 2017 (after Intel's "Meltdown inside" in June), ..., but just a website ($4.95/month) and a mobile number +1-585-233-0321!

"For the attacks to work, an attacker must first obtain administrator access to a targeted network, Guido said."

For the car thief to steal the car, the car thief must first obtain the car key and access to the car, CommonSense said.
 
This is so funny. These have little meaning until the exploits can be duplicated plus verified and the vulnerability can be used remotely.

People are making new accounts just to jump in on the fun.

Someone is just mad because AMD is ballin' in desktop/workstation and server. Let the games begin.
 
I've been considering that maybe you could bypass getting physical access and stolen credentials. What if you could take advantage of a vulnerability in Microsoft IIS or Apache, for example, that gave you admin or SYSTEM level access, and from there go and install the rigged BIOS or whatever you wanted with the OS still in memory? Then you could erase all trace of what you did at OS level and do your evil things without anyone taking notice, once the machine reboots. If the attack has a very specific target and people behind it were skilled enough, then there could be other ways to get in and it could be easier for them to do so.

However, I agree that it would be really hard to pull off successfully without physical access in most cases.

It is possible. There are enough servers with outdated configuration and/or software hooked up to the net. But for a successful BIOS update you need to restart the system. A server rebooting out of nowhere will look very odd. Once that happened, the payload could be triggered again and you could take over the complete system. Thus with any credentials that might apply on the machine. But this should trigger any admin in the first place, that something is going on.

There are several approaches to a successful attack. One of them might simply be sticking a USB drive into a running server and exploiting its chipset by a handwritten program. Upload your payload and good to go. But even if you 'hack' Apache, you're still a user, and a user compared to root has different privileges. None of them as close to flashing a BIOS lol.
 
This is so funny. These have little meaning until the exploits can be duplicated and verified and the vulnerability can be used remotely.

People are making new accounts just to jump in on the fun.


More fascinating are the highly technical discussions and debates about said vulnerabilities. The world is full of security experts, no wonder CTS-Labs managed to get their hands on such talents.
 
And to exploit all of these vulnerabilities u just need:

1. Physical access to the PC
2. Flash a BIOS with injected malware
3. Have Admin account on that PC

SO EZ : >

In other news: Home security panels vulnerable to burglars, once they break into the house and befriend the family dog.
 