Researchers claim discovery of 13 security flaws in AMD Ryzen and Epyc chips
Israel-based security company CTS-Labs announced today that its researchers have discovered a number of critical vulnerabilities affecting Advanced Micro Devices Inc. products.
The vulnerabilities in the affected chips, which include AMD’s Epyc secure processor and the Ryzen chipset, could allow attackers to take control of systems running on these chipsets, access secure data and even install malware.
Although it’s customary for security researchers to give a manufacturer time (typically 90 days) to research and respond to claims of vulnerabilities, it appears that CTS-Labs went public a mere 24 hours after informing AMD. That created a stir in the security research community and has AMD working to verify the claims made by CTS-Labs through the chipmaker’s own internal investigation.
In total, the security research firm claims that it has discovered 13 different critical vulnerabilities affecting 21 products, which the company successfully exploited using the vulnerabilities it discovered.
CTS-Labs said it’s publishing this information to bring these issues to public attention and to warn users of potential security issues. The nature and disposition of these flaws are outlined on a website and in a whitepaper published by the company, but the actual exploits and methodology have not been published for security reasons.
“[We want] to bring these issues to public attention, and to warn users and organizations,” CTS-Labs wrote on its AMDflaws.com website. “In particular, we urge the community to pay closer attention to the security of AMD devices.”
Customers running servers using Epyc, AMD’s x86 server processor based on the company’s Zen microarchitecture introduced last year, or using hardware running on the Ryzen chipset in workstations, laptops or mobile devices could be vulnerable.
The vulnerabilities have been split into four categories, each with a similarly chilling codename: Ryzenfall, Fallout, Chimera and Masterkey.
Appropriate to its name, Ryzenfall affects Ryzen chipset products from AMD. Attackers can exploit Ryzenfall to insert malicious code to take complete control of the AMD Secure Processor line. The vulnerability gives attackers privileges to read and write protected memory, which they can use to bypass systems such as Windows Credential Guard. As a result, attackers can steal network credentials and then spread past gatekeepers and into protected networks.
Fallout affects AMD’s Epyc server through an exploit that allows attackers to read and write to protected memory areas. This can also be used by attackers to bypass Windows Credential Guard and infiltrate secure networks. The exploit can also be used by attackers to bypass Basic Input/Output System protections and therefore change BIOS firmware on the device, potentially allowing attackers to create malware that can reinfect the device at boot time.
Chimera appears to be two sets of potential manufacturer backdoors affecting the Ryzen chipset. One is implemented in firmware and the other is in hardware. Both backdoors could allow malicious code to be injected into the chipset. Because the chipset links the central processing unit to the network, WiFi and Bluetooth devices, it could be possible for an attacker to sneak malware onto the system and affect the operating system.
Masterkey affects every product line CTS-Labs tested, from Epyc to Ryzen, by taking advantage of vulnerabilities in AMD Secure Processor. With an exploit, attackers can tamper with AMD’s firmware-based security features such as Secure Encrypted Virtualization and Firmware Trusted Platform Module. With this vulnerability, researchers said, attackers could cause physical damage to hardware or “brick” devices, making them inoperable.
“When we were looking into the security of chips made by a Taiwanese company called ASMedia, we discovered that many of ASMedia’s products contain backdoors that could be used by hackers to inject malicious code into the chip,” said Ido Li On, chief executive of CTS-Labs. “When we looked at Ryzen computers we saw the very same backdoors that have existed in ASMedia chips for over six years are now on every Ryzen PC on the market.”
Journalists from online hardware and computer magazine Anandtech contacted AMD when the news went live, and the chipmaker said it has an internal team working on the claims of the security researcher. However, the extremely short time between notice and publication of the vulnerability discovery has left AMD with very little time to formulate a response.
“The general feeling is that they have been somewhat blindsided by all of this,” reporter Ian Cutress wrote, “given the limited time from notice to disclosure, and are using the internal team to validate the claims made.”
AMD’s response has been cautious. “We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors,” an AMD spokesperson wrote on AMD’s investor relations site. “We are actively investigating and analyzing its findings.”
For its part, AMD’s official statement said the chipmaker was unaware of CTS-Labs or its work in security research. “This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings,” said the statement. “At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise. We will update this blog as news develops.”