AMD is one of the largest chipset production companies. In fact, AMD has all the right to compete with the giant chipset producer – Intel. With the recent inventions of Meltdown and Spectre, all the processors are at risk. However, AMD has faced another bad scenario. Security researcher team CTS Labs disclosed 13 vulnerabilities found in the AMD chipsets that can turn into some heinous cybercrime events.
The infected chipsets of AMD are AMD Ryzen and EPYC processors. The total number of flaws is 13 and they’re under 4 classes – MasterKey, RyzenFall, Chimera, and Fallout (named by CTS Labs). These were discovered and announced very recently by CTS Labs, a Tel Aviv based cybersecurity startup.
This scenery became more than dramatic. According to official reports, CTS Labs informed AMD about the flaws and submitted their papers. The deadline was less than “24 hours”! Seriously, even Google gave Microsoft a deadline of 90 days for the vulnerability of Microsoft Edge. Now, instead of AMD, everyone is criticizing CTS Labs for such a short deadline. According to the official statement, CTS Labs didn’t think that AMD would fix them in years, so they decided to disclose them publicly.
Although this incident looks suspicious, the vulnerabilities in AMD processors are real. After CTS Labs disclosed papers about the flaws, another security company – Trail of Bits – came forward to verify the truth. The CEO of Trail of Bits – Dan Guido – confirmed that those flaws are real. Here’re the tweets that Dan Guido published.
So this https://t.co/vYktqat10K business… CTS Labs asked us to review their research last week, and sent us a full technical report with PoC exploit code for each set of bugs.
— Dan Guido (@dguido) March 13, 2018
Alex Ionescu, a highly reputed security researcher, also confirmed those vulnerabilities to be true.
On the #AMDflaws — I have seen the technical details and there are legit design & implementation issues worth discussing as part of a coordinated disclosure effort. The media storm and handling around that is sadly distracting from a real conversation around security boundaries.
— Alex Ionescu (@aionescu) March 14, 2018
How the flaws work
When booting up the system, the machine follows “secure boot” with the help of the processor that ensures that only the TRUSTED programs are launched. Using MasterKey vulnerability, this can be bypassed to launch malicious codes. However, the malicious code must be installed in BIOS. Only then, MasterKey allows the intruder to install all the malware on the boot process.
This vulnerability can also allow disabling all the other security features of the processor.
From the name, it’s really easy to assume that Ryzen chips are infected by this flaw. This flaw can hand over the control of the processor to the hacker, exposing sensitive data to the attacker.
If an attacker can bypass the Windows Defender Credential Guard, the stolen data will help spread throughout the network. Credential Guard is a feature of Windows 10 that stores the sensitive information in a protected section of the operating system.
Like RyzenFall, this attack can also allow a hacker to steal information from the protected area. This flaw exists in the EPYC processors. An important note – Microsoft announced a partnership with AMD that told that Microsoft would use EPYC processors in their Azure Cloud servers.
Fallout breaks down the barrier between virtual machines. A virtual machine is a part of a computer along with memory and processor power that’s completely separated than others. With this flaw, a virtual machine can get access to the host or other virtual machines.
This vulnerability comes in 2 different flavors – hardware and firmware.
The Ryzen chipset allows running programs and malware in it, as Bluetooth, Wi-Fi, and other network traffic go through the chipset and an attack can depend on it. In the proof-of-concept demo, the researchers said that they were able to install a keylogger in the system to see every keystroke on the computer.
What to do now
The internet is now in the debate of CTS Lab’s attitude and action. Debate aside, the vulnerabilities are real. But it’s not time to panic yet.
All the flaws require admin access to the system. For example, MasterKey must be present in the BIOS at the first place, meaning that the user in the computer must flush a special-crafted BIOS update. Dan Guido confirmed that all other flaws require admin access. Unless you’re a careless user, it’s highly unlikely that these bugs will affect you.
Now onto the “vulnerabilities”:
1) MASTERKEY: if you allow unauthorised BIOS updates you are screwed.
Threat level: No shat, Sherlock!
2) RYZENFALL: again, loading unauthorised code on the Secure Processor as admin.
Threat level: No shat, Sherlock!
— Arrigo Triulzi (@cynicalsecurity) March 13, 2018
However, you have to stay sharp for not making any mistake. The proof-of-concept codes and technical details aren’t public just yet, making it a harder path for hackers to re-invent them all on their own. Make sure to use a good antivirus engine, not to install apps from unauthorized sources and password-protect your system.