Skip to comments.Researchers Find Critical Security Flaws in AMD Chips
Posted on 03/13/2018 1:53:20 PM PDT by bitt
Security researchers said Tuesday they discovered flaws in chips made by Advanced Micro Devices that could allow hackers to take over computers and networks.
Israeli-based security firm CTS Labs published its research showing "multiple critical security vulnerabilities and exploitable manufacturer backdoors" in AMD chips.
CTS itemized 13 flaws, saying they "have the potential to put organizations at significantly increased risk of cyberattacks."
The report comes weeks after Intel disclosed similar hardware-based flaws dubbed Meltdown and Spectre, sparking widespread computer security concerns and a congressional inquiry.
CTS said the newly discovered flaws could compromise AMD's new chips that handle applications in the enterprise, industrial and aerospace sectors, as well as consumer products.
In a 20-page white paper, the researchers said the AMD Secure Processor, the gatekeeper responsible for the security of AMD processors, contains "critical vulnerabilities" that "could allow malicious actors to permanently install malicious code inside the Secure Processor itself."
"These vulnerabilities could expose AMD customers to industrial espionage that is virtually undetectable by most security solutions," the researchers said.
CTS said AMD's Ryzen chipset, which AMD outsourced to a Taiwanese chip manufacturer, ASMedia, "is currently being shipped with exploitable manufacturer backdoors inside."
This could allow attackers "to inject malicious code into the chip" and create "an ideal target" for hackers, the researchers said.
"CTS believes that networks that contain AMD computers are at a considerable risk," the report said.
"The vulnerabilities we have discovered allow bad actors who infiltrated the network to persist in it, surviving computer reboots and reinstallations of the operating system.
(Excerpt) Read more at securityweek.com ...
Darn. AMD was my go-to for a MicroLeftist alternative.
China and Taiwan have a very cozy business relationship.
I rather doubt all these back doors are accidental.
Make no mistake, this is an act of war.
As with most things computer-related, as a home/small business user I try to stay a couple steps behind the bleeding edge.
Might be a few nanoseconds pokier than the whiz bang kids, but stability is more important to me these days than bragging rights.
“I rather doubt all these back doors are accidental.”
That is certainly true, and, to some extent, I agree (big brother needs to know everything about everyone).
However, processors are ridiculously complex these days (well, they were always ridiculous complex compared to the previous generation ... but I think you know what I mean) ... and they’re microcoded to allow field upgrades to fix bugs & performance issues. I’m sure they overlooked things be it on purpose or “for real” :-).
Once is an accident.
Twice is a coincidence.
Three times is an act of war...............
This is about the Ryzen chip so far, so my old AMD will probably be OK.
If we had high enough import tariffs, AMD wouldn’t be offshoring the production of these chips.
So the Chinese added a back door into the chip? Shocking.
If Trump cared about national security, he’d put a tariff on foreign chips, not moving to protect the self serving management at Qualcomm at the expense of shareholders.
From the article :
". . . manufacturer backdoors"
Right there at least some of them are fingered as having been left deliberately by AMD themselves. The question is, were incentives or threats used by US Intelligence to put those back doors in and if it's 'neither', then why did AMD put them into the design.
Neither since it is easy to insert a human asset into the design team. The real question is whether the US and Chinese intelligence cooperated on the back door so they could both use it, or whether one or the other did it alone.
Didn’t AMD move its production to some communist run country?
The white paper presents 4 attack vectors:
MasterKey requires the ability to alter the BIOS
The other three require administrator privileges to exploit.
Chimera is the most dangerous in my mind as it is a chip / asic level error.
All four will require significant rework of the product line to fix.
Kind of crappy that CTS did not allow AMD the normal courtesy of 90 days notice before releasing the white paper.
“CTS said AMD’s Ryzen chipset, which AMD outsourced to a Taiwanese chip manufacturer, ASMedia, “is currently being shipped with exploitable manufacturer backdoors inside.””
wonder if my old pc chip is ok...
Thanks to bitt for the ping!
Frankly, color me somewhat skeptical of this report.
"The report and all statements contained herein are opinions of CTS and are not statements of fact... You are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports..."AND
A comment from Reddit's /r/netsec:
"...Looking closer a PR firm CEO is directly handling media for this small, recently formed Israeli company. The Israeli company CEO has experience selling off sec-tech firms to others. The PR firm put out a press release/article last year (when they themselves were founded from past careers in NYC venture/hedge funds) about how they understand how venture capital uses big data to identify opportunities and they connect those opportunities to capital. Could be Intel...but I'm thinking its just as likely this is a PR based pump-n-dump play in a hot sector."Add to that the fact that they didn't give the usual 90 days advance warning...
Color me VERY skeptical.
VERY crappy. I suspect this could be BS meant to affect stock prices, little or nothing more.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.