IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

New TR: Newly reported AMD chipset vulnerabilities.

Security firm discloses range of Ryzen, Epyc, and AMD chipset vulnerabilities

by Jeff Kampman — 1:19 PM on March 13, 2018

CTS Labs, an Israeli security research firm, purports to have discovered 13 separate security vulnerabilities related to AMD hardware across four categories of exploits. This surprise news arrives without any form of coordinated disclosure or pre-developed vendor mitigations.

The firm claims that flaws in AMD's Secure Processor, a separate ARM processor on AMD Zen CPUs that performs various encryption and root-of-trust functions, can be exploited to run arbitrary code. The "Masterkey" vulnerability requires the attacker to install a modified BIOS containing the exploit payload, either through physical access or—as CTS Labs claims—exploiting another one of the vulnerabilities the firm discovered to write to system flash in system management mode.

CTS Labs goes on to describe three other classes of vulnerabilities that it's branded "Ryzenfall," "Fallout," and "Chimera." Both the Ryzenfall and Fallout vulnerabilities require a local user account with administrator or root privileges to run the required malware, a level of access that generally would suggest that all bets are off on a system's security to begin with. Chimera purports to exploit undescribed "hardware backdoors" in ASMedia intellectual property that apparently makes up the Promontory chip powering AMD AM4 chipsets.


The chaotic nature of today's disclosure has led to many questions about the source and motivations of the firms behind this research. Astute social-media users have noted that Viceroy Research, a financial-analysis group that reportedly engages in short selling of various companies' securities, appears to have coordinated the release of a report provocatively titled "The Obituary" alongside the CTS Labs whitepaper. Viceroy posits that AMD will have no choice but to file for Chapter 11 bankruptcy as a result of the news and that its stock is ultimately worthless, claims that seem vastly out of proportion with the magnitude of the purported vulnerabilities that CTS Labs has discovered.

CTS Labs' disclaimer on its AMD vulnerability website also exposes a potential conflict of interest. The firm notes that it "may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports." If that's the case, it might explain why CTS Labs didn't engage in any form of coordinated disclosure of these vulnerabilities with AMD or give the company an opportunity to develop and deploy patches for those vulnerabilities.


(Emphasis added.)


The banksters are going to destroy the world if we let them...

New They're insanely hard to trigger
Your quote mentions this, but here's the nitty gritty:

Exploiting MASTERKEY requires an attacker to be able to re-flash the BIOS with a specially crafted BIOS update. This update would contain Secure Processor metadata that exploits one of the vulnerabilities, as well as malware code compiled for ARM Cortex A5 – the processor inside the AMD Secure Processor.


Exploitation requires that an attacker be able to run a program with local-machine elevated administrator privileges. Accessing the Secure Processor is done through a vendor supplied driver that is digitally signed.


Exploitation requires that an attacker be able to run a program with local-machine elevated administrator privileges. Accessing the Secure Processor is done through a vendor supplied driver that is digitally signed.


Prerequisites for Exploitation: A program running with local-machine elevated administrator privileges. Access to the device is provided by a driver that is digitally signed by the vendor.


Expand Edited by drook March 14, 2018, 07:26:27 AM EDT
New Interesting soap opera..
Via this link at your link:
It seems that the same level of techno-knowledge seemingly employed by the scam-sell-short 'Viceroy' locus of conniving creeps: also undoes their scheme, prolly with extreme-prejudice in any of the Informed and ept. Even moi can see that: an exploit requiring an already-pwned system may well deserve some remediation, but it's hardly an Obituary-grade revelation, except to er, the intentionally-uninformed and presumably (often enough) unteachable.

Jung might have had a few comments about these Drumpf-like mindsets, but he's dead. Maybe some wag can hack Viceroy's servers and, you know.. indulge our latent Schadenfreude?
We needs a giggle now and then, I wot. Viceroy shirley deserves to be Outed, just because they are There, wear suits and act like Repos.
New One can't forget that machines can be intercepted while new and moving from maker to customer.
So, physical possession of a machine is not necessarily a problem for someone like say CIA. But, unless they tamper with them all, there is a difference between walking into a store and buying one getting one from Amazon when you have been identified.

"There is a cult of ignorance in the United States, and there has always been. The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that "my ignorance is just as good as your knowledge."

-- Isaac Asimov
New Or malware can be put on the "restore" DVDs, etc., etc.
E.g. https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal

If someone can touch the hardware or software at any point along the way, one cannot guarantee that the computer hasn't been compromised.

Relatedly, I wonder how many of the VPN companies out there end up being less secure communications routes than simply trying to remain anonymous. And, IIUC, the NSA can keep any encrypted communications it finds for N years - even if that communications couldn't legally be kept if it weren't encrypted. IOW, one (in some sense) draws attention to oneself by using encryption... :-/

New Catch ..2018 and --> onwards
In summary, this minor brohaha suggests that, even were there er, Actualized: a brand-new turbocharged Intarweb some. day. this situation of now-guaranteed Insecurity ... shall remain the same.
(Could this be Nature's Way of (trying to..) Remind Us'ns-All: that in This omniverse, the word Certainty is both a chimera and ... a demonstrable oxymoron?)

(It's assuredly the case within all metaphysical wonderings) so.. I calls it a glimpse. a palpable glimpse of Reality. But I'm biased; I may not pass the Turing test either. Likely too: "acute testosterone poisoning" is apt to be big on the homo-sap necropsy (isn't Hacking just another form of Mine's Bigger?)


Does not Gödel's Incompleteness Theorem demonstrate this Finally? (except for Itself proving to be somewhat, er incomplete also too?)
Bring on all them NRA-armed-to-teeth minions; my Ronald's Raygun Quantum-Blaster can disintegrate a case of .44 Magnums from a mile away.

;^> Sorry.. all of 2016 thru today has been so Irregularly-irregular that, only the Goddess of Humour can make sense of the whole schmeer. Endorphins appear wherever a one can find them :-)
     TR: Newly reported AMD chipset vulnerabilities. - (Another Scott) - (6)
         They're insanely hard to trigger - (drook)
         Interesting soap opera.. - (Ashton)
         One can't forget that machines can be intercepted while new and moving from maker to customer. - (a6l6e6x) - (3)
             Or malware can be put on the "restore" DVDs, etc., etc. - (Another Scott) - (1)
                 Catch ..2018 and --> onwards - (Ashton)
             Very true - (crazy)

Why sure I'm a billiard player!
58 ms