Start-Up Warns Of AMD Chip Flaws In Unusual Publicity Campaign

A Tel Aviv-based start-up has publicised flaws in AMD processors that researchers say are genuine, even as they criticised the way in which they were disclosed.

While the vulnerabilities all require administrator access before they can be exploited, making them significantly more difficult for intruders to use, they are dangerous in that they allow complete access to the system, including secure processing areas normally off-limits to malware.

That access means attackers who have already successfully compromised a system could potentially place malicious code in such a way as to make it difficult or impossible to detect or remove.

The exploits discovered by CTS Labs, founded in January 2017, are called Ryzenfall, Fallout, Chimera and Masterkey, and affect AMD’s Epyc, Ryzen, Ryzen Pro, and Ryzen Mobile processors. They allow malware to run before the operating system boots and to bypass advanced security features such as Windows 10 Credential Guard.

Secure enclave

In an embarrassment for AMD, they allow an attacker to compromise its Platform Secure Processor, a secure enclave similar to that used in iPhones to store biometric data. AMD’s enclave is based on an ARM 32-bit Cortex A5 processor design.

Third-party researchers said the flaws are genuine, with New York-based Trail of Bits saying it had verified CTS’ findings under an arrangement for which Reuters reports CTS paid $16,000 (£11,500).

“Regardless of the hype around the release, the bugs are real, accurately described in their technical report (which is not public AFAIK), and their exploit code works,” said Trail of Bits chief executive Dan Guido on Twitter.

But much of the attention following Tuesday’s disclosure by CTS focused on the company’s publicity methods, with some saying CTS appeared to be trying to manipulate AMD’s share price.

Switzerland-based security consultant Arrigo Triulzi, for one, described CTS’ paper as “over-hyped beyond belief”.

Surprise disclosure

CTS gave AMD only 24 hours to review the findings before publishing them, and AMD said the report took it by surprise.

“At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise,” the company said in a statement. “We are investigating this report, which we just received, to understand the methodology and merit of the findings.”

In a statement on its website, AMD added, “This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings.”

In its 20-page report, titled “Severe Security Advisory on AMD Processors”, CTS notes that it “may have, either directly or indirectly, an economic interest in the performance” of AMD’s stock and that of other companies.

The report also contains a disclaimer that the contents are statements of opinion and “not statements of fact”. Such statements are highly unusual for security advisories.

Investment firm Viceroy Research published a 25-page report on the issues after the company said it was anonymously emailed a copy of CTS’ findings on Monday afternoon. The company confirmed it has taken a large “short” position on AMD, in other words betting the company’s shares will fall.

Financial analysts confirmed there was a spike in short selling on AMD shares, and in fact those shares initially fell on Tuesday in heavy trading, before closing slightly higher.

Do you know all about security? Try our quiz!