AMD has a Spectre/Meltdown-like security flaw of its own

Discussion in 'other security issues & news' started by hawki, Mar 13, 2018.

  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    "AMD has a Spectre/Meltdown-like security flaw of its own

    Researchers find 13 vulnerabilities in AMD’s Ryzen and EPYC chip, allowing attackers to install malware on highly guarded portions of the processor...

    Particularly worrisome is the fact that the vulnerabilities lie in the so-called secure part of the processors -- typically where your device stores sensitive data like passwords and encryption keys. It's also where your processor makes sure nothing malicious is running when you start your computer...

    This vulnerability specifically affects AMD's Ryzen chips, and would allow malware to completely take over the secure processor...

    It's unclear how long it will take to fix these issues with AMD's processors...."

    https://www.cnet.com/news/amd-has-a-spectre-meltdown-like-security-flaw-of-its-own/
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
  3. hawki

    hawki Registered Member

    The CTS-Labs Report -- AMD Ryzen & EPYC product lines' 4 Classes of Vulnerabilities

    https://www.amdflaws.com/
     
  4. Joxx

    Joxx Registered Member

    Joined:
    Sep 5, 2012
    Posts:
    1,718
  5. itman

    itman Registered Member

    :thumb:
     
  6. hawki

    hawki Registered Member

    "Researchers Point to an AMD Backdoor—And Face Their Own Backlash...

    Hyped or not, the CTS researchers appear to have found real vulnerabilities in AMD's Zen architecture chips,...

    While CTS hasn't publicly released any of the details of how its attacks work, it did share them privately with New York-based security firm Trail of Bits, which essentially confirmed the central findings. 'Regardless of hype, they found vulnerabilities that work as described,' says Dan Guido, Trail of Bits' founder..."

    https://www.wired.com/story/amd-backdoor-cts-labs-backlash/
     
  7. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,001
    Location:
    Member state of European Union
    https://www.ensilo.com/faq/chimera-ryzenfall-fallout-masterkey/
     
  8. itman

    itman Registered Member

    https://www.securityweek.com/security-firm-under-fire-over-disclosure-amd-chip-flaws
     
  9. whitestar_999

    whitestar_999 Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    160
    https://arstechnica.com/information...-in-amd-chips-make-bad-hacks-much-much-worse/
    Now this is something to really worry about, considering all the BootnNuke & Clean Image restoring suggestions given as a 100% sure-shot way of getting rid of any malware.
     
  10. itman

    itman Registered Member

    AMD Flaws Pose No Immediate Risk of Exploitation, Says Independent Reviewer
    https://www.bleepingcomputer.com/ne...sk-of-exploitation-says-independent-reviewer/
     
  11. hawki

    hawki Registered Member

  12. itman

    itman Registered Member

    My take on this is if your processor is pre-2013, Zen, or not select socket AM4 or TR4 motherboards, you're not affected by these latest vulnerabilities:
    https://community.amd.com/community...amd-technical-assessment-of-cts-labs-research
    https://en.wikipedia.org/wiki/AMD_Platform_Security_Processor
    https://en.wikipedia.org/wiki/Socket_AM4
     
    Last edited: Mar 20, 2018
  13. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,035
    Location:
    Texas
  14. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
  15. reasonablePrivacy

    reasonablePrivacy Registered Member

    "accuses chipmaker of downplaying flaws". You mean the same security firm that up-played, overhyped flaws? You need to completely compromise the OS (Windows, Linux, you name it) before you can exploit these security flaws.
     
  16. hawki

    hawki Registered Member

  17. ronjor

    ronjor Global Moderator
