CTS-Labs Responds to a TechPowerUp Technical Questionnaire

[Shamalamadingdong]

Processors have microcode. Chipsets don't. And hardcoded backdoors are very different from spectre.

Are you saying the PSP (which is a processor) can't receive microcode updates? The majority of the exploits pertain to the PSP. It was only the ASMedia chipset that was said to have a hardware backdoor. No information given indicates the PSP is unpatchable.

 

[TheoneandonlyMrK]

Great work getting such direct info from Cts but I prefer anandtechs interview tbh, harsher questions were asked in the right way, the issues as seen cannot possibly be Just Amds issue ,as they(Cts though veiled) admit many intel systems incorporated asmedia controllers(the right type) and they too are susceptible,

However CTS labs have not looked into this being a attack vector for intel in any way yet say it's just AMD, seams lame on a lot of fronts still.

But I would obviously like to hear Amds take , not even slightly concerned at this point, oh nose , just remembered asmedia controllers are also frequently on Amd Fx motherboards, the holes are everywhere doh.

 

[R-T-B]

Are you saying the PSP (which is a processor) can't receive microcode updates? The majority of the exploits pertain to the PSP. It was only the ASMedia chipset that was said to have a hardware backdoor. No information given indicates the PSP is unpatchable.

The part you quoted (and I responded to) referencing the ASIC only pertains to the chipset, so I am unsure why you are bringing the PSP into this at all. The chipset is the only area in which hardcoded backdoors apply. The PSP exploits are different. The PSP can be patched and they admitted that if you read.

People need to stop blindly thanking people who clearly don't even understand what's going on here.

 

[TheoneandonlyMrK]

The part you quoted (and I responded to) referencing the ASIC only pertains to the chipset, so I am unsure why you are bringing the PSP into this at all. The chipset is the only area in which hardcoded backdoors apply. The PSP exploits are different. The PSP can be patched and they admitted that if you read.

People need to stop blindly thanking people who clearly don't even understand what's going on here.

The clarity you have provided is worthy of thanks since the debate between you has ended up clearing a point up others might be unsure of but if it erks what can I do.

 

[bug]

Or, as was already mentioned in some articles (TPU included - I believe I posted it here as well in one of the threads), that 3rd party verification took ToB 4-5 days. If AMD was notified on Tuesday, this would be the 4th day. I wouldn't expect anything until Monday.


I gotta say though the delivery was quite possibly the worst ever, my focus is on the vulnerabilities...regardless if they are fairly innocuous to us as end users (cloud providers on the other hand...).

Spot on. Unfortunately, so far this seems to go as badly as possible for AMD (i.e. lousy disclosure, real vulnerabilities).

 

[W1zzard]

So they don't know how processors have been patched previously? The recent industry-wide Spectre patches escaped their notice?

The chipset has certain functionality (including a backdoor) implemented in physical circuitry, which is fixed and can not be modified, so unpatchable. The other vulnerability in the chipset _firmware_ (which is software), is patchable.

 

[Dave65]

Acknowledged all AsMedia based USB chipsets are vulnerable, yet still targeting just one specific company. If there is any concern it should be Intel MoBo which has way higher market share and they got 0 mention. Fishy AF.

CTS can spin this whatever they want. At least this end user is not buying into their BS.

Security experts, including Linus, weighs in on the situation after thr anandtech phone call.

https://www.realworldtech.com/forum/?threadid=175139&curpostid=175169


Lets see what they say after TPU phone call

Totally agree, they pretty much have ZERO credibility with "most" people.. I guess only AMD uses AsMedia:/

 

[HD64G]

Since they found the AsMedia bug but ignored the effect for Intel systems running on this chipset and named the website AMDFlaws.com, there is no doubt at all for me that they just attacked AMD in purpose instead of trying to help computer security in general as any security company should do. Their motives are mystery for now but they (the guys behind that job I mean) are flawed as professionals themselves for sure...

 

[bug]

Totally agree, they pretty much have ZERO credibility with "most" people.. I guess only AMD uses AsMedia:/

What's with people obsession with CTS Labs' credibility? We already established they're a no-name that handled this as badly as possible. Thus, next to zero credibility.
But if a convict is telling me the person next to in me in a bus is picking my pocket, I'd be concerned about my pocket first and then with the convict's rap sheet.

So far, the news is every party they've contacted so far was able to confirm their findings. Save for AMD.

 

[ikeke]

The chipset has certain functionality (including a backdoor) implemented in physical circuitry, which is fixed and can not be modified, so unpatchable. The other vulnerability in the chipset _firmware_ (which is software), is patchable.

It's just what they are saying, though? I see no proof, just a lot of hot air from CTSlabs.

edit: also, if they want to see how AMD is "unable" to fix issues then perhaps you can point them towards latest example that i know of, which is a fix for, well-well AMD-PSP
http://seclists.org/fulldisclosure/2018/Jan/12

(hmm, perhaps they even acknowledge this specific issue as known to them, as per AT interview, but they have not followed up on its fix status https://www.anandtech.com/show/12536/our-interesting-call-with-cts-labs "In fact the one vulnerability that came out with AMD that was a lower level vulnerability that came out about 3 months ago and I believe they still have not come out with a patch. And now we are talking about 13 of them." )

 

[Xzibit]

As a pretty damning follow up to this story concerning the ASMedia issues:

https://www.extremetech.com/computi...ith-amd-security-disclosures-digs-deeper-hole



This flaw absolutely affects Intel as well as AMD. It actually (as Extremetech points out) should have had its own website, ASMediaflaws.com

Yup, Just checked my old Asus SaberTooth Z77, has ASMedia 1042.

 

[Countryside]

"We had no past experience"

 

[john_]

Those guys knew about ASMedia problems for 6 years? But didn't informed anybody? Maybe they where cashing out that knowledge all this time. Then probably someone came and convince them to use this information as part of a huge campaign against AMD, to make a quick and much bigger financial gain. TPU should have pressed them more in the "Why haven't you disclosed those ASMedia vulnerabilities to the public sooner, as you did with AMD? Why did you associated the ASMedia problems with AMD, considering that you confirm that the problem exists on Intel motherboards too?" part. But I guess those guys set certain parameters before accepting to answer that phone call.

 

[ikeke]

If i were to hazard a guess then these guys have inside info from previous employer, who wont be very happy with them going after a quick buck.

Unit 8200, i mean.

 

[Aquinus]

TPU: How do you respond to people saying that once an attacker has administrative access, you are f'd anyway? How are the attacks you uncovered more severe?
CTS: This is misleading and incorrect. Attackers think of machines not as individual nodes but as part of a network. Gaining local administrative access on a compromised computer inside an organization is easy for attackers. The challenge is moving laterally from there to other machines, and maintaining access for the future. That is exactly what these vulnerabilities provide.

I'm confused by this answer. If you have admin access on a box, you already have access to the network through that box but, these vulnerabilities don't get you access to other boxes. It's more like digging your feet into the box you've already compromised. This sounds like a non-answer. If anything it can keep a machine infected but, it doesn't help you get into other machines on a network.

 

[ikeke]

Most of these answers are "techie talk", in sense that when using correct phraseology and concepts someone can sound important and in the loop.

When in fact they are but a script-kiddie, pushing someones exploit.

https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/

 

[john_]

I'm confused by this answer. If you have admin access on a box, you already have access to the network through that box but, these vulnerabilities don't get you access to other boxes. It's more like digging your feet into the box you've already compromised. This sounds like a non-answer. If anything it can keep a machine infected but, it doesn't help you get into other machines on a network.

That's another part I have a problem to believe. I mean, who pays for a network of 1000 PCs, for example, if one PC that's get infected with malware, is enough to bring down the whole system? I think this is deliberate and tries to scare admins to not replace an older Intel system with a modern AMD one. "If you buy EVEN ONE new Ryzen/Epyc system, and put it in the same network with the 999 secure Intel PCs, then ALL PCs are in danger".

For people who say that they don't have much experience communicating their findings to the public, they do have a hell of a great experience in destroying someone's reputation and making it sure that everyone will avoid that someone's products at all costs. Not avoid investing a great deal of money buying many of those products, but even avoiding the minimum investment that is needed to buy just one of those products.

 

[rtwjunkie]

I just want to say thanks for the TPU follow-up which was done. The questions were technical in nature, but non-technical enough that most of the public could understand. It went a long way to making some sense of the debacle they created. It still leaves a lot to be answered, and I look forward to AMD's digestion of this.

 

[FR@NK]

Acknowledged all AsMedia based USB chipsets are vulnerable, yet still targeting just one specific company. If there is any concern it should be Intel MoBo which has way higher market share and they got 0 mention. Fishy AF.

I guess only AMD uses AsMedia:/

Since they found the AsMedia bug but ignored the effect for Intel systems running on this chipset

Intel chipsets don't have any AsMedia vulnerabilities!

But some motherboards manufacturers add an AsMedia chip to their intel platform boards but you cant blame intel for that. Blame falls on AsMedia and the motherboard manufacturer.

Whereas AMD is being targeted because AMD's chipset has the Asmedia hardware built in, so some blame does fall on AMD for the AsMedia vulnerabilities built in to their chipset.

Yup, Just checked my old Asus SaberTooth Z77, has ASMedia 1042.

Asus is to blame for that as they added the Asmedia chip to their board. Disable that controller and use the x79 usb ports.

Re-flashing the BIOS, a prerequisite for MASTERKEY, often does not require physical access to the device.

My biggest concern with masterkey is that the hardware could have the malware BIOS installed by someone at the factory or somewhere in-between before the new system gets delivered to the customer. I'm sure you could get a handheld device that would be possible to flash the bios chip without even powering up the system. The customer would have no way to detect the malware on the new system.

 

[Xzibit]

Asus is to blame for that as they added the Asmedia chip to their board. Disable that controller and use the x79 usb ports.

I get that. They are a lot of board makers that took that liberty throughout the years. Various post on other forums are starting to link and recall several of them over the years.

Be interesting if TPU can compile a list from its review database

ASM1142
Asus Sabertooth Z170 Mark 1
Asus X99-Deluxe II
Asus ROG Rampage V Edition 10
Asus ROG Maximus VIII Hero
Asus Z170-A
Asus X99-E-10G WS
AsRock Fatal1ty Z170
AsRock Fatal1ty X99 Pro Gaming
ASRock Fata1ty X99X
ASRock Beebox-S
ASRock X99 Taichi
ASRock X99E-ITX
ASRock X99 OC Formula
ASRock Z170 OC Formula
ASRock Z170 Extreme4 & Extreme4+
MSI Z170A Xpower Gaming
MSI Z170A Gaming M9 ACK
MSI X99A TomaHawk
MSI X99A Gaming Pro Carbon
MSI X99A GodLike Gaming
MSI Z170A Xpower Gaming Titanium Ed.
Gigabyte Z170X Gaming 6
Gigabyte Brix BKi5A
Gigabyte Z170XP-SLI
Supermicro X7170-OCE
Supermicro C7270-CG
Supermicro C7270-PG Pro Gaming
Supermicro SuperO C7Z170-M
ECS Liva One
EVGA Z170 Classified


Update:

ASM1042
Asus Maximus VIII Extreme
Asus Z97 Pro
Asus P8Z77-V
ASRock Z68M-ITX
ASRock Z77E-ITX
ASRock Fatal1ty Z68 Pro Gen3
ASRock X79 Extreme4-M
ASRock X99X Killer Fatal1ty
ASRock Z68 Extreme 4
BioStar TZ68K+
MSI Z97 Gaming 9 AC
MSI X99A GodLike Gaming - Has more then one of the vulnerable chips
MSI X99S-MPower
MSI Z270 XPower Gaming Titanium
SuperMicro C7Z97-OCE
SuperMicro X7X99-OCE

^This is just a list from one sites review database

 

[OneMoar]

so how exactly do you implement a backdoor on the hardware level care to explain what exactly this hardware backdoor is and how to access it ? because I can't find anything in there disclosure about exactly what this hardware level backdoor is or how to access it or what evidence they have that its unpatchable

if you are accessing it via software then guess what ITS PATCHABLE





I gotta love how vague they are explaining this using terms like 'if our understanding is correct' so basically they don't fully understand there own report what ....

and enabling wp does not enable wp for the entire chip just the rom portion. and then there is ... CMOS storage != bios chip and on boards that do use a portion of the main rom for that its in a reserved isolated address the fact that they don't even know that much is gasoline on the credibility tire fire

also if you have admin you can move laterally through any network that that machine is connected via other attack vectors. to so again if you have admin you are already pwnd

also teaming up with liberboot/coreboot are you fkin kidding me ?

that project has gone exactly nowhere in the 19 years it has existed it works on a barely a handful of boards from at greatly reduced functionality https://www.coreboot.org/Supported_Motherboards

so again I postulate the question why are we even talking to these people they quite simply haven't a goddamn clue

 

[Durvelle27]

Awaiting Moreno information

 

[lexluthermiester]

so am I missing something?

Yes, there are ways to crack a network once you're inside and have admin authoritatives to even one machine on that network. Such access can be structured to grant admin access to many other machines on the same network, regardless of domains.

 

[cadaveca]

so how exactly do you implement a backdoor on the hardware level care to explain what exactly this hardware backdoor is and how to access it ? because I can't find anything in there disclosure about exactly what this hardware level backdoor is or how to access it or what evidence they have that its unpatchable

if you are accessing it via software then guess what ITS PATCHABLE

Intel ME (which also has a "backdoor") is exactly what you are asking about. So, you can disable the ME now via some creative hacking of the ME firmware (you couldn't for like a decade before this, since like 2008), but AMD's equivalent, the PSP, might not have the capability to be disabled in a similar fashion. It was documented that the Intel ME could be disabled because the NSA wanted it that way (this needs verification, I'm sure). But anyway, whoever it was, they wanted it, it was implemented, and now the public has this capability. Then we got the ME hack...

We just need similar for the PSP (oh look, apparently according to this CTS news a reason to disable is present), and a big part of this problem is solved.

 

[OneMoar]

Intel ME (which also has a "backdoor") is exactly what you are asking about. So, you can disable the ME now via some creative hacking of the ME firmware (you couldn't for like a decade before this, since like 2008), but AMD's equivalent, the PSP, might not have the capability to be disabled in a similar fashion. It was documented that the Intel ME could be disabled because the NSA wanted it that way (this needs verification, I'm sure). But anyway, whoever it was, they wanted it, it was implemented, and now the public has this capability. Then we got the ME hack...

We just need similar for the PSP (oh look, apparently according to this CTS news a reason to disable is present), and a big part of this problem is solved.

but me's backdoor wasn't 'hardware' it was in the 'me' blobs the hack involves removing those files from the uefi image thats all it does or setting the HAP bit to 1

which isn't hardware its a firmware flag