Researchers Claim AMD’s Ryzen, Epyc CPUs Have Major Security Flaws

Posted by at 2:50 pm on March 13, 2018

Researchers say they have discovered more than a dozen (or exactly a baker’s dozen) new critical security flaws affecting AMD’s Ryzen and Epyc processor lines, CNET reports. The vulnerabilities purportedly lie in what is supposed to be a secure part of the processors where sensitive information is contained.

The flaws were discovered by CTS-Labs, a security outfit in Israel. Unlike Google’s Project Zero team, which alerted chipmakers months in advance to Spectre and Meltdown before disclosing them to the public, CTS-Labs gave AMD less than 24 hours to look at its findings and respond before publishing the details. AMD is in the process of investigating the matter.

“At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings,” an AMD spokesman said.

It’s not yet clear how serious these newly discovered flaws are. As presented, the 13 flaws fall into four categories called Master Key, Ryzenfall, Fallout, and Chimera. Between the four main vulnerabilities, an attacker could bypass a Ryzen or Epyc CPU’s secure boot and install malware into the BIOS, and the onto the processor itself. They could also leverage a pair of manufacturer backdoors to compromise a system’s firmware and chipset.

Masterkey, according to CTS-Labs, allows the injection of persistent malware into the Secure Processor, among other attacks. Ryzenfall threatens the secure OS running on top of the Secure Processor, potentially bypassing virtualization and injecting malware. It allows an attacker to break into the “fenced DRAM” the OS creates.

Fallout exposes the bootloader within the Epyc Secure Processor, allowing access to protected memory regions, CTS-Labs claims. Finally, the firm claimed the Chimera attack could access “an array of hidden manufacturer backdoors” inside AMD’s Promontory chipsets. CTS-Labs blamed ASMedia, a third-party chipmaker that supplied the USB host controller and SATA controller within AMD’s Ryzen chipset, for these vulnerabilities, which were then introduced into the Ryzen chipsets.

If the vulnerabilities are as widespread and critical as CTS-Labs presents them to be, there are all kinds of implications and potential scenarios. Collectively, the vulnerabilities open customers up to covert and long-term industrial espionage, sophisticated malware attacks that expose passwords and other personal information, hardware-based ransomware, and more.

The industry at large is still reeling from Spectre and Meltdown. Some of the early patches have caused a few headaches, such as random reboots and performance degradation. It remains to be seen what the fallout might be like for these newly discovered flaws.

Leave a Reply

Sign Up For Our Newsletter

Sign up to receive breaking news
as well as receive other site updates

Enter your Email

Preview | Powered by FeedBlitz

Log in

Copyright © 2008 - 2019 · StreetCorner Media , LLC· All Rights Reserved ·