The AMD Chip Security Flaw Explained

image
Updated:
24 Mar 2018

Earlier this week a security start-up, CTS Labs, released and created a website that claims AMD has 13 vulnerabilities that attackers can exploit. According to the website these vulnerabilities can be found in AMDs Ryzen and EPYC product lines and are classified in four different categories; RYZENFALL, FALLOUT, CHIMERA, and MASTERKEY.

Based on the available information these vulnerabilities can be used by attackers to upload malicious malware to take over the AMD processor, steal network credentials, and attack the operating system. The different vulnerabilities can be exploited together, meaning that hackers could use different flaw combinations to make their attack more devastating.

For gamers this means that their PCs can be compromised and they run the risk of losing access to gaming accounts and various information on their PC. Before there is any more panic it should be noted that while these flaws are dangerous they are not as easily exploited as the whitepaper and amdflaws.com have made them out to be.

According to a tweet by Dan Guido, CEO of Trail of Bits, "Regardless of the hype around the release, the bugs are real…and their exploit code works." Guido also tweeted, "Yes, all the flaws require admin [privileges] but all are flaws, not expected functionality."

In addition to the coverage of the security flaw, CTS Labs has been under a lot of scrutiny for how they distributed the information. Apparently AMD hadn't heard of CTS Labs until CTS contacted the company with their 24 hour deadline to fix the problems that they found in their hardware. The 24-hour period raised some flags due to the fact that security researchers usually give the chip company more time to fix the problem. Information about Meltdown and Spectre wasn’t released until months after it was first discovered.

 Then there is the website and whitepaper CTS made, which contained an aggressive stance towards AMD. Then another website, Viceroy Research, made statements like AMD being worth nothing and that they’ll declare bankruptcy. This has raised concerns that the website and research was an act of sabotage. So far there has been no solid proof, but there is enough circumstantial evidence that points to sabotage.

AMD has conducted their own research into the reported flaws, though they are still analyzing the security risks the company has developed a plan to mitigate these security risks. Most of the plans involve developing patches for MASTERKEY, RYZENFALL, and FALLOUT, AMD does plan on bringing in a third party to help develop a patch for CHIMERA.  

 

image
Gamer Since:
2000
Favorite Genre:
RPG
Currently Playing:
Fortnite, Monster Hunter World, Overwatch
Top 3 Favorite Games:
Mass Effect 3, Dragon Age II, Devil May Cry DMC