
Dubious Research Discovers Ryzen vulnerabilities

Unless you are running something Linux based, etc. I'm yet to find a Windows system where it isn't possible to bypass local admin rights via one of various exploits - depending on the setup this may or may not be flagged in system logs.

Again that's not possible, you can only do that when physically at the machine.
 
How about it being entirely possible but grossly exaggerated for maximum smear effect.



The requirements to do something bad in all of these situations are farcical and yet it's being picked up and run with because clickbait.

Someone is physically at your computer and has admin access. Everyone with a brain knows you're screwed right there but this is the starting point for the claims that something bad can be done.



You'd have to wait a decent amount of time for AMD to look at what they've been given and reply.

But my money is on grains of truth greatly distorted.

I think this post sums up the whole debacle really well TBH!
 
Outside the whole way this was leaked to the world, the fact that Viceroy Research received the info before AMD, etc., why does this company need to employ a media company which does the following:

Right reporters and bloggers?? Influencers?? Why would you need to control the message to the media if the message has nothing to hide??

Surely if what you've done is up to scratch the results will defend themselves. I mean in many cases, companies will pay people if you find an issue in their software or hardware too, and companies might even contract you for some services.

Right, my guess is because for their agenda to be effective it needs to make sure its publication has a big impact; one would hire a media company to ensure that.
 
So what you're effectively saying is that not only do you need all these rights but you must rely on software exploits within Windows to gain these rights? I would love for you to come to my office and bypass our domain security, gain local admin rights over a workstation and deploy exploits undetected. In fact I think I would pay good money to watch you try.

There is malware out there that will go straight through stuff like Windows UAC like it isn't even there - now actually executing it is a bit harder but there are things like the recent vulnerability with MS's malware protection engine (for instance https://docs.microsoft.com/en-us/security-updates/securityadvisories/2017/4022344 ) that could be exploited.

Getting through a properly setup corporate environment wouldn't be trivial - but I've worked in a lot of places that have holes in their security due to, well, human nature, etc. People get lazy and so on.
 
Again that's not possible, you can only do that when physically at the machine.

Even if physically at the machine your likely attack vector will be booting into some Linux distro via a USB stick or similar then attempting to manipulate the local logins. Possible I guess but it's starting to get to the point where you might as well come in and physically swap the machine for one that you have already done the work on. While you are here you may as well swap the hard disk from my machine that is fine into a pre-staged machine that isn't...

I guess anything is possible but is this not clutching at straws kind of vulnerabilities?
 
There is malware out there that will go straight through stuff like Windows UAC like it isn't even there - now actually executing it is a bit harder but there are things like the recent vulnerability with MS's malware protection engine (for instance https://docs.microsoft.com/en-us/security-updates/securityadvisories/2017/4022344 ) that could be exploited.

Getting through a properly setup corporate environment wouldn't be trivial - but I've worked in a lot of places that have holes in their security due to, well, human nature, etc. People get lazy and so on.

I take your point that technically these may be possible but then we are starting to get to the point where it's not really about the hardware or specific vulnerabilities in the hardware, what we are talking about here is more about using possible software exploits to bypass hardware checks, only the barrier to entry means that in a properly set up network you need to be physically sitting on top of things to make it work.

Got to admit I am really curious as to what comes of all this.
 
I guess anything is possible but is this not clutching at straws kind of vulnerabilities?

Not really - it far simplifies once you've got it in place over stuff like swapping out HDDs - though it would be similar in nature to taking the HDD out, embedding a custom firmware with something like the NSA firmware hack that takes over the OS system files even after a clean wipe and replacing it.

It gives a possible escalation angle that is less easy to discover or protect against than your typical rootkit, etc.

In fact I think I would pay good money to watch you try.

You probably wouldn't want to bet against me - it's not something I'm particularly up to speed with these days - none the less because of the legal angle - but it is within my skill set given enough time.

I take your point that technically these may be possible but then we are starting to get to the point where it's not really about the hardware or specific vulnerabilities in the hardware, what we are talking about here is more about using possible software exploits to bypass hardware checks, only the barrier to entry means that in a properly set up network you need to be physically sitting on top of things to make it work.

Got to admit I am really curious as to what comes of all this.

Reminds me of one place I worked - they had a decently secure network - but a corporate screensaver that ran on all machines that was a nasty hacked up outsourced job (IIRC it even used Macromedia runtimes internally which were pretty insecure as well) that was possible to exploit via a buffer overrun to execute code via settings in its config file, which was writable due to a mixture of the way Windows permissions worked in the transition to Vista/7 versus older OSes and the shoddy way it was produced.
 
Roff what you are describing is true for Intel, IBM.... what you are describing is just plain old hacking into a computer, in the same way thousands of people get infected with malware every day by opening infected emails etc....

I'm sure even you would agree what you are describing has nothing to do with specific Ryzen vulnerabilities.
 
I'd love to see someone hack one of our client machines... to exploit this you would need to first get into the BIOS, easily done, but you need the BIOS password to then make any changes to the BIOS. What's that, you want to run the BIOS update from within Windows? OK, you need local admin rights, good luck getting that.

None of our client machines have CD drives etc., only USB ports. Thin client USB ports are disabled, PC USB ports are enabled, OK so you can attach a USB stick, but you won't get into the PC without an alert being raised, and considering our IT team on site here is 4 of us, and we are all in the same room, I'd love to see the look on everyone's face when the alert pings to us all that someone's tampering with a PC lol.

The reality is in a proper corporate IT infrastructure environment you would need to be extremely bad at your job or unlucky for this level of exploit to happen.
 
I'd love to see someone hack one of our client machines... to exploit this you would need to first get into the BIOS, easily done, but you need the BIOS password to then make any changes to the BIOS. What's that, you want to run the BIOS update from within Windows? OK, you need local admin rights, good luck getting that.

None of our client machines have CD drives etc., only USB ports. Thin client USB ports are disabled, PC USB ports are enabled, OK so you can attach a USB stick, but you won't get into the PC without an alert being raised, and considering our IT team on site here is 4 of us, and we are all in the same room, I'd love to see the look on everyone's face when the alert pings to us all that someone's tampering with a PC lol.

The reality is in a proper corporate IT infrastructure environment you would need to be extremely bad at your job or unlucky for this level of exploit to happen.

If I'm understanding it right you don't need to get into the BIOS - depending on the attack used you just need to be able to execute code that can reflash firmware - it's possible to do that within Windows itself, even potentially overriding BIOS level protection (unless it's hardware protection such as a physical write switch obviously).

Now actually executing that code, let alone doing it without leaving a trail, is extremely non-trivial in a properly setup environment but as above it's not insurmountable.

I think people are looking at these potential avenues in far too narrow a scope and not seeing the potential when using a cocktail of attacks to progressively get deeper into a system (not necessarily a specific PC) than traditional OS level malware, etc. would let you.

There is also a potential remote angle: depending on some details of how the PSP/SPS works there is a bit of an unknown as to potential network access, as while it doesn't have a network stack of its own it might be possible to access it sideways depending on some undocumented features which people don't seem to have figured out yet (due to the security implications AMD hasn't publicly documented the exact functionality).
 
If I'm understanding it right you don't need to get into the BIOS - depending on the attack used you just need to be able to execute code that can reflash firmware - it's possible to do that within Windows itself, even potentially overriding BIOS level protection.

Now actually executing that code, let alone doing it without leaving a trail, is extremely non-trivial in a properly setup environment but as above it's not insurmountable.

I think people are looking at these potential avenues in far too narrow a scope and not seeing the potential when using a cocktail of attacks to progressively get deeper into a system (not necessarily a specific PC) than traditional OS level malware, etc. would let you.

No, you do need to get into the BIOS. The first thing these people did was disable security features on the CPU by modifying the BIOS; such things are not actually possible to do while the computer is on because you need to flash a modified BIOS onto the system board.

The whole thing is insane, it's easier to pick the computer up and run away with it under your arm. Christ...
 
Look this sums it up perfectly...

[image: 1DsTtxm.png]


https://www.phoronix.com/forums/for...ipsets-reportedly-vulnerable-to-exploit/page3
 
You probably wouldn't want to bet against me - it's not something I'm particularly up to speed with these days - none the less because of the legal angle - but it is within my skill set given enough time.

I think I would take my chances :P
 
None of our client machines have CD drives etc., only USB ports. Thin client USB ports are disabled, PC USB ports are enabled, OK so you can attach a USB stick, but you won't get into the PC without an alert being raised, and considering our IT team on site here is 4 of us, and we are all in the same room, I'd love to see the look on everyone's face when the alert pings to us all that someone's tampering with a PC lol.

While an older one now, see:

https://arstechnica.com/information...uters-badusb-exploit-makes-devices-turn-evil/

While the ability to exploit an environment with properly setup user controls via that avenue is much more limited, it isn't impossible.
 
I can't even believe this is being debated as anything other than an obvious scam.

FFS.... you're not going to let me plug a USB stick into your computer and flash the BIOS? No.... so how is this anything other than complete nonsense?
 
Turn your computer off and unplug from internet just to be safe.

If there was an exploit at the low level management engine level (talking in general not any specific AMD, Intel or other CPU) you'd have to make sure you pulled out the network connection as well as powering the machine off.
 