Dubious Research Discovers Ryzen vulnerabilites

Rroff · 21 Mar 2018 at 21:31

sideways14a said:
Its hard to think intel would do this, its sloppy and a very high risk attempt if they are actually found out. But even so... you cant help but wonder if they at least had a hand in it.

If so and its proved then i hope AMD rain the biggest load of crap down on them as possible, doubt we will ever find out though.

This is one angle that doesn't make sense to me - if Intel was behind it they'd more likely either use a link and run style attack with a completely bogus company that could be sacrificed with little to link it back to them - it isn't like something like this will survive scrutiny beyond a few days anyhow so they might as well just frontload it and run.

Or it would be a hugely sophisticated affair with a backfilled history as a company and slower burn with a lot more nailed down technical details to inflict maximum effect over a longer period.

This bumbling effort just doesn't seem to fit and more likely to end up being traced back to them.

BongoHunter · 21 Mar 2018 at 21:38

sideways14a said:
Its hard to think intel would do this, its sloppy and a very high risk attempt if they are actually found out. But even so... you cant help but wonder if they at least had a hand in it.

If so and its proved then i hope AMD rain the biggest load of crap down on them as possible, doubt we will ever find out though.

Intel have got a less than great track record for ethical behaviour - but they're still in an extremely dominant market position, I can't imagine this would be worth the risk for them. AMD have a had a great few quarters now, but the number of PCs and Servers out there with a modern AMD chip in could easily look like a rounding error in the grand scheme of total systems globally - though this is slowly but surely moving in the right direction at least!

Though Intel have a massive presence in Israel I don't think anyones yet found a link between CTS-Labs and any Intel staffers if that's an angle being considered.

Rroff · 21 Mar 2018 at 21:42

BongoHunter said:
Intel have got a less than great track record for ethical behaviour - but they're still in an extremely dominant market position, I can't imagine this would be worth the risk for them. AMD have a had a great few quarters now, but the number of PCs and Servers out there with a modern AMD chip in could easily look like a rounding error in the grand scheme of total systems globally - though this is slowly but surely moving in the right direction at least!

Though Intel have a massive presence in Israel I don't think anyones yet found a link between CTS-Labs and any Intel staffers if that's an angle being considered.

This is why it is so bizarre - you could say that someone with a bit of money orchestrated it to make money from AMD stock - but there is at least something to these issues so they'd most likely have to have some foreknowledge of the issues - though I guess its possible someone speculatively paid them to do some research in the hope something was dug up and it was.

On the other hand you could say CTS Labs was fully involved either out of bias and/or seeing an opportunity to make money from AMD but that it doesn't make sense for them to keep updating the site, do testing that should have been done originally and wasn't, etc. and releasing another video, etc. as they have done and they probably wouldn't have been in a position to make the kind of money from it relative to the amount that has obviously been chucked around to orchestrate this event to make it worth their while - unless one of them had friends or family or something with deep pockets and prepared to take a bit of a gamble - as I doubt they'd be part of this type of company if they were throwing that kind of money around - the only maybe there would be the CFO who seems to be a bit of an abnormality in this company.

sideways14a · 21 Mar 2018 at 22:26

Will be interesting to see if that amdflaws site is updated, its that on its own that makes you wonder if they are not playing a longer game.

eddiew · 21 Mar 2018 at 22:35

Don't they have a disclaimer that says they have no responsibility to update the site even if proven to be spouting BS? Probably never touch it again

r7slayer · 22 Mar 2018 at 00:42

This is stupid. Ill leave my windows to my house unlocked but lock my door and assume my house is secure. But when my house is robbed ill glue all my possessions down to mitigate anything being stolen again. Instead of locking the bloody windows. In essence the easiest way to mitigate the problem is securing the machine. Im sure if you left a computer open there would be hundreds of exploits that could be initiated using cpu microcode. It shouldn't be down to intel or amd to secure your own machine thats the users job. Jeezus.

humbug · 22 Mar 2018 at 03:01

LoadsaMoney said:

Yup, not only are Intel equally effected they are also the only ones to gain anything from it because Intel CPU security is a joke right now and they need to drag AMD down to the same level, Intel are also suspiciously absent from all of this.

r7slayer · 22 Mar 2018 at 09:32

So essentially AMD have come out and said they can mitigate this code that can be executed on their chips which is the Arm chip and ASMedia chipset they source for their cpu. It's not actually their cpu per say. The same for intel but intel has got zero attention for this? It basically comes from any machine that is compromised this is when AMD's and Intel's CPUs can be exploited. So really what needs to happen is make sure that your machine does not get compromised then no problem. Seems to me like the problem arises further up the chain but AMD getting all the heat at the bottom of the chain. If your PC is compromised there is zero AMD can do to prevent a hacker from raining havok on your PC anyway. If your machine is compromised it's compromised lol. I don't understand this issue, it's nothing like meltdown or spectre.
CTS labs have been caught with their pants down. The only legitimate thing they have is code which actually can be exploited in the ASMedia chipset or arm psp chip. But this only works if your machine is compromised.

Funny because CTS labs said these exploits cant be mitigated and AMD should file for bankruptcy lol. Is it an exploit if you have already been exploited for the exploit to work?

Geck0 · 22 Mar 2018 at 10:15

Having watched the Adored video I'm revising my take on the issue as follows;

1) Someone funded this hit piece, it obviously was researched for quite a while with a lot of man hours and that isn't something any company does for free or on the cheap, especially IT security companies with a small head count in Israel.
2) I think that market manipulation was either secondary or unintended, possibly triggered by a leak to the shorter by the security company but more interesting, and more probably by one of the online tech press who were leaked the stuff well ahead of time. Any of the breaking sites have links to these guys?
3) Not a mention of Intel is telling, to say the least but you'll never prove it as these CYTS guys will just evaporate and the deal will have been done via intermediaries in any case. nV could be complicit as well but likewise will never be tied to it.

I'll go full retard now and offer another explanation that some on here will like. AMD did it. It was that ham-fisted and ludicrous with issues easily fixed that materially it wasn't an issue but would damage Intel and nV by default - which it has. It's damaged AMD very little.

Dinner time now, out.

sideways14a · 22 Mar 2018 at 11:27

https://www.ctsflaws.com/

NAsty lot of flaws these CTS guys have, good job someone made a website and posted them up for all to see... tut tut tut /sarc

humbug · 22 Mar 2018 at 13:06

sideways14a said:
https://www.ctsflaws.com/

NAsty lot of flaws these CTS guys have, good job someone made a website and posted them up for all to see... tut tut tut /sarc

Love it

Rroff · 22 Mar 2018 at 14:39

Geck0 said:
I'll go full retard now and offer another explanation that some on here will like. AMD did it. It was that ham-fisted and ludicrous with issues easily fixed that materially it wasn't an issue but would damage Intel and nV by default - which it has. It's damaged AMD very little.

Hah as amusing as that would be the problem there is they are partially pointing the finger at ASMedia and ARM - who due to the slur against their hardware and the huge markets they are into would have no choice but to sue if this was all made up - and that would be talking colossal redressing of damages.

Likewise goes for CTS or anyone connected to them if they are pointing at security vulnerabilities in these 3rd party modules which aren't there - ARM commands a multi-billion dollar industry so can't afford to take smears against them lightly if there is nothing to it.

Also for those still saying its just the same for Intel - because AMD put the controllers into the Promontory chipset you can use an exe in Windows to exploit them - although AMD is saying you can't in this case take permanent control of this part - while on the Intel side to get at the firmware of these controllers you need to reboot into a pure DOS environment even assuming you can just straight up flash anything you like without physically taking the chips out and updating them via a chip programmer. Also these chips have a testmode and debugging options that are only available via physically having access to the chip which would be used for testing.

I really hope someone who actually knows what they are talking about here does a proper technical breakdown as my knowledge is relatively basic while I've dabbled and can understand the datasheets I've little production experience or hands on experience with how they work when dealing with the system itself at a low level - but I know enough to know that a lot of the information banded about doesn't mesh with the actual technical details.

humbug · 22 Mar 2018 at 14:43

Rroff said:
Hah as amusing as that would be the problem there is they are partially pointing the finger at ASMedia and ARM - who due to the slur against their hardware and the huge markets they are into would have no choice but to sue if this was all made up - and that would be talking colossal redressing of damages.

Likewise goes for CTS or anyone connected to them if they are pointing at security vulnerabilities in these 3rd party modules which aren't there - ARM commands a multi-billion dollar industry so can't afford to take smears against them lightly if there is nothing to it.

Also for those still saying its just the same for Intel - because AMD put the controllers into the Promontory chipset you can use an exe in Windows to exploit them - although AMD is saying you can't in this case take permanent control of this part - while on the Intel side to get at the firmware of these controllers you need to reboot into a pure DOS environment even assuming you can just straight up flash anything you like without physically taking the chips out and updating them via a chip programmer. Also these chips have a testmode and debugging options that are only available via physically having access to the chip which would be used for testing.

I really hope someone who actually knows what they are talking about here does a proper technical breakdown as my knowledge is relatively basic while I've dabbled and can understand the datasheets I've little production experience or hands on experience with how they work when dealing with the system itself at a low level.

Did you not watch the Video Roff? CTS-Labs themselves admit the problem is with the ASMedia Chip-Set and other systems using that Chip-Set are vulnerable, they didn't give any names but it can only be Intel.

The transcript for that is on AnandTech.

Rroff · 22 Mar 2018 at 14:56

humbug said:
Did you not watch the Video Roff? CTS-Labs themselves admit the problem is with the ASMedia Chip-Set and other systems using that Chip-Set are vulnerable, they didn't give any names but it can only be Intel.

The transcript for that is on AnandTech

Problem is people aren't understanding the nuance - the problem is multipart which not all uses will satisfy - getting into the controller, getting control of the vulnerabilities in the controller, using those vulnerabilities to be able to mount either man in the middle attacks on data passing through them or against the main system itself - which doesn't automatically follow as being possible even once you've used vulnerabilities to compromise access to the controller.

A lot of people are focussing on the bit in bold.

humbug · 22 Mar 2018 at 15:07

Rroff said:
Problem is people aren't understanding the nuance - the problem is multipart which not all uses will satisfy - getting into the controller, getting control of the vulnerabilities in the controller, using those vulnerabilities to be able to mount either man in the middle attacks on data passing through them or against the main system itself - which doesn't automatically follow as being possible even once you've used vulnerabilities to compromise access to the controller.

A lot of people are focussing on the bit in bold.

There is no nuance, not everyone but you is stupid given you are the only one on earth right now still trying to legitimize the now discredited CTS-Labs, yet this is what they said.

The client works on AMD Ryzen machines but also works on any machine that has these ASMedia Chip-Sets and so quite a few Motherboards and PC's are affected by these vulnerabilities as well

Intel use the same ASMedia Chip-Set's, they are even the same model. Nothing nuance about that, its very plain.

Rroff · 22 Mar 2018 at 15:27

humbug said:
Intel use the same ASMedia Chip-Set's, they are even the same model. Nothing nuance about that, its very plain.

All that means is these systems have a controller with vulnerabilities - that doesn't automatically mean you can do something with those vulnerabilities even if you can expose them.

This isn't actually particularly newsworthy in itself there are dozens of microcontrollers out there that internally have poor mitigation against exploitation or other internal vulnerabilities - pretty much a given in any device that use a few there are 1-2 of various brands - that doesn't mean the systems they are used in are automatically compromised.

humbug · 22 Mar 2018 at 15:37

Rroff said:
All that means is these systems have a controller with vulnerabilities - that doesn't automatically mean you can do something with those vulnerabilities even if you can expose them.

This isn't actually particularly newsworthy in itself there are dozens of microcontrollers out there that internally have poor mitigation against exploitation or other internal vulnerabilities - pretty much a given in any device that use a few there are 1-2 of various brands - that doesn't mean the systems they are used in are automatically compromised.

Yes it does, that's exactly what it says.

but also works on any machine that has these ASMedia Chip-Sets and so quite a few Motherboards and PC's are affected by these vulnerabilities as well

You're right on one thing its not particularly news worthy, i said this right from the start this is based on common rout kits and turned by CTS-Labs into this huge "AMD worth $0:00 and should file for bankruptcy immediately because it so serious its impossible to fix" < 'Their words' kind of issue, only you are still banging on about how its a problem and such a problem for AMD only, you, just you, the entire industry including the very people tasked with verifying this have said this is a none issue and not unique or in anyway limited to AMD.

Give it up, you're not always right and just because Intel security is now a joke doesn't mean AMD must be dragged down to the same level.

Rroff · 22 Mar 2018 at 15:46

humbug said:
Yes it does, that's exactly what it says.

You're right on one thing its not particularly news worthy, i said this right from the start this is based on common rout kits and turned by CTS-Labs into this huge "AMD worth $0:00 and should file for bankruptcy immediately because it so serious its impossible to fix" < 'Their words' kind of issue, only you are still banging on about how its a problem and such a problem for AMD only, you, just you, the entire industry including the very people tasked with verifying this have said this is a none issue and not unique or in anyway limited to AMD.

Give it up, you're not always right and just because Intel security is now a joke doesn't mean AMD must be dragged down to the same level.

You are still misunderstanding the issue - what they are saying is the controller in many systems are affected by these vulnerabilities - it doesn't mean that controller can be used to anything useful even if you can take control of it. This is where the more noteworthy part comes in.

This is NOT based on common root kits.

EDIT: It is fascinating you keep dragging Intel into it - I don't think I've bigged up Intel in this thread at all - in fact quite the opposite in most cases.

humbug · 22 Mar 2018 at 15:58

Rroff said:
You are still misunderstanding the issue - what they are saying is the controller in many systems are affected by these vulnerabilities - it doesn't mean that controller can be used to anything useful even if you can take control of it. This is where the more noteworthy part comes in.

This is NOT based on common root kits.

Given that only you understand it like that, given what the entire industry understands disagrees with you entirely are you so arrogant as to presume only you can possibly be right?

You keep saying "but other people don't understand" well lets try a different angle, make your case, don't just post a wall of text gibberish and assume people are too lazy to read it or just assume the gibberish is incomprehensible to them and in both cases just take your word for it, no, you stand alone among recognized professionals contradicting them, don't just do that and run, elaborate your arguments.

Undesirable · 22 Mar 2018 at 16:18

We need a wealthy 3rd party to fund a research group to find out if ASMedia chip flaws can be exploited on Intel platforms. Only give them 24 seconds notice though, because users need to be protected.