Published in News

AMD Ryzen and EPYC have big security flaws

14 March 2018


Only given a week to fix it

Insecurity experts have discovered critical security flaws in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices.

The alleged vulnerabilities are in the secure part of the processors - typically where your device stores sensitive data like passwords and encryption keys. While most of them require administrative access to the machine through malware, the ability to put additional malware on the secure processor itself carries huge potential for damage.

CTS-Labs, a security company based in Israel, announced Tuesday that its researchers had found 13 critical security vulnerabilities that would let attackers access data stored on AMD's Ryzen and EPYC processors, as well as install malware on them. Ryzen chips power desktop and laptop computers, while EPYC processors are found in servers. However, the outfit gave AMD a week to come up with a fix before it went public. Standard vulnerability disclosure calls for at least 90 days' notice, so companies have time to address flaws adequately. Google's researchers gave Intel six months to fix issues related to Spectre and Meltdown.

An AMD spokesman said that it was still "investigating this report, which we just received, to understand the methodology and merit of the findings."

CTS-Labs co-founder and Chief Financial Officer Yaron Luk-Zilberman told CNET that all the vulnerabilities allow an attacker to target the secure segment of a processor, which is crucial to protecting the sensitive information on your device.

"You're virtually undetectable when you're sitting in the secure processor", Luk-Zilberman said of the flaws. "An attacker could sit there for years without ever being detected."

But security researchers have hit out at the white paper published by CTS-Labs for lacking any technical details describing the vulnerabilities. CTS-Labs said it sent the technical report to Dan Guido, an independent security researcher and the CEO of Trail of Bits.

Guido said the company sent him the details last week and added that the threats were legitimate.

Guido also said CTS-Labs paid him the company's "week rate for the work".

The Ryzen chipset itself allows malware to run on it, CTS-Labs said. Because Wi-Fi, network and Bluetooth traffic flows through the chipset, an attacker could use that to infect your device, the researchers said. In a proof-of-concept demonstration, they said, it was possible to install a keylogger, which would allow an attacker to see everything typed on an infected computer.

The chipset's firmware issues mean an attacker can install malware onto the processor itself.

It's unclear how long it would take to fix these issues. CTS-Labs said it hasn't heard back from AMD. The researchers said it could take "several months to fix". The vulnerabilities in the hardware can't be fixed.

 

Last modified on 14 March 2018