Severe processor vulnerabilities discovered on AMD Ryzen Processors - 13 vulnerabilit

[WYP]

AMD was reportedly given less than 24 hours notice before CTS made the vulnerabilities public.



Read more about Ryzen's reported vulnerabilities.

 

[Bartacus]

This smells. 24 hours notice, when they gave Intel 90 days for Spectre? My anti-Intel tinfoil hat is tingling.

 

[g0ggles1994]

This smells. 24 hours notice, when they gave Intel 90 days for Spectre? My anti-Intel tinfoil hat is tingling.

Same here, there's a thread about it on /r/AMD and they're voicing the exact same concerns about this. Plus the timing of this just before Ryzen 2000 is far too convenient

 

[AlienALX]

Why does it seem like one guy in the video is reading from a script?

Ah well, so at least it's not just my BE chip that leaks like a hole ridden bucket

 

[WYP]

This smells. 24 hours notice, when they gave Intel 90 days for Spectre? My anti-Intel tinfoil hat is tingling.

Same here, there's a thread about it on /r/AMD and they're voicing the exact same concerns about this. Plus the timing of this just before Ryzen 2000 is far too convenient

Regardless of the way you look at it, this issue has been handled the wrong way by CTS Labs, real or not.

The exploits themselves seem terrible when looking at the end game, but the requirements to exploit these issues make them seem extremely easy to avoid.

As mentioned in the article one of them requires BIOS-level malware. If somebody can do that you are well past the "we messed up" stage, as is the heightened privileges required for a lot of the others.

In short, this isn't spectre/meltdown, not even close. It seems like proper system security would avoid most of these problems.

 

[barnsley]

Oh look they've already got a full stack of names for it. Chances are they've been sitting on this for a while and waited for the right time to release them. judging by the registration date for amdflaws.com it looks like this has been planned.

For info,
Creation Date: 2018-02-22T13:52:35Z
(obviously the domain was registered by proxy)



Bit suspect this company was founded in 2017 as well.

The whole site looks and reads (to me atleast) like a scam site. That coupled with the amazing 'research' by https://viceroyresearch.org just makes this whole thing look like a stock scam.

 

[RobM]

I am also inclined to think this is a deliberate means to damage AMD, given the timing just before the refresh, the recent reg for the domain it all just seems suspect to me

 

[WYP]

I am also inclined to think this is a deliberate means to damage AMD, given the timing just before the refresh, the recent reg for the domain it all just seems suspect to me

I have seen a lot of tin foil hat theories on this, mostly saying that Intel is involved and highlighting the fact that the company is a big deal in Israel.

The way that this has been handled smells of a stock scam.

I have updated the article with a comment from AMD, which I will also include below.

We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise. We will update this blog as news develops.

 

[szc001]

Smells like either a marketing stunt for a relatively new company, or else 'someone' stands to benefit from this.

It is also curious that all participants in the video are recorded in front of a green-screen; leads me to believe these guys work out of their mum's basement.

If it walks like a duck, and quacks like a duck...

 

[Kleptobot]

All of the exploits have prerequisites that are already dangerous to allow anyone outside of admin to have

Masterkey - requires an attacker to be able to re-flash the BIOS with a specially crafted BIOS update

Ryzenfall - requires that an attacker be able to run a program with local-machine elevated administrator privileges.

Fallout - requires that an attacker be able to run a program with local-machine elevated administrator privileges

Chimera - requires a program running with local-machine elevated administrator privileges. Access to the device is provided by a driver that is digitally signed by the vendor

so all of these require local administrator privileges, and the last one requires a compromised signed driver... if an attacker has these they don't need any extra exploits

 

[NickOmega]

Just seems like nothing but FUD, designed to try and push people away from AMD.

Definitely something fishy going on, especially with the timing.

 

[dario]

I have found one crucial security issue myself! If you are using Ryzen CPU, all a potential hacker has to do is gain access to your computer and acquire your administrator credentials. With those they can do virtually anything to your system! Shame on you AMD!

 

[RobM]

this is a good view
https://www.youtube.com/watch?v=ZZ7H1WTqaeo

 

[Eddie long]

Sounds very dodgy too me, just watched gamers nexus output on this subject, there were hints at the end of playing against the odds with AMD share price. Smells like someone is loosing money as AMD share price is doing well

 

[AlienALX]

I'm telling you, one of those dudes on the video was reading a script. I am 100% certain of that. One would think that a supposed genius such as him would be able to remember what he is talking about.

 

[AlienALX]

If financial gain through stock-market manipulation was indeed CTS-Labs' goal, it appears to have backfired: AMD's share price is up 1.04 on the news, and a further 0.77 percent in after-hours trading

 

[RobM]

The general consensus across the IT community including security is that this is a malicious claim aimed at damaging AMD.

I have a huge security vulnerability on my own system that if someone was to break into my house and knew my details they would be able to log onto my PC then they would be able to damage and or steal my data.

 

[TheF34RChannel]

I'm not an AMD user but am impressed with the chipmaker. So as an Intel user I am appalled by this highly suspect paper. Something is seriously off here! I also wanted to post the video that Rob linked; it's a good deduction! I hope no one refrains from buying AMD over this - because they shouldn't.

 

[Arne Saknussemm]

Breaking:

If you allow someone into your home and furnish them with your bank details and passwords and then go shopping...it's possible for them, using an AMD CPU to steal money from you.

Why has AMD done nothing about this?

By stratagem thou shalt do war

 

[Warchild]

I'm telling you, one of those dudes on the video was reading a script. I am 100% certain of that. One would think that a supposed genius such as him would be able to remember what he is talking about.

Even a genius with an IQ of 200+ can have anxiety, nerves or issues in front of a camera. Nothing wrong with reading from a script providing info is accurate and true/evident.