So apparently a smear campaign has been launched today aimed at bringing down AMD's stock. The company claims to have found 13 "vulnerabilities" in AMD's Zen cores but in most cases those require physical or administrative access to a machine (at which point you basically have full control over the system). The shady company - CTS Labs - (whose offices are apparently stock footage: https://www.reddit.com/r/Amd/comments/846gpm/how_cts_labs_created_their_offices_out_of_thin_air/) are backed by an even shadier doomsaying company - Viceroy - who are basically screaming apocalypse. To make things even more ridiculous, CTS only gave AMD 24 hours to fix these so-called bugs where the minimum legal requirement (I think) is 90 days or about 2160 hours. Spectre and Meltdown, for example, had a 6-month (4220-hour) period in which the companies had time to address them.
The full ****show can be found here: https://linustechtips.com/main/topi...scovered-in-amd-zen-processors-amds-meltdown/
PS: Post #5 basically debunks everything the "researchers" claimed.
-
I have been posting in the Ryzen thread, this is a 100% scam. Bad domains, just-made YouTube channel, etc. etc. etc......
-
saturnotaku Notebook Nobel Laureate
Meh. This is a bigger story as far as I'm concerned:
-
Holy title gore. I was about to report this as spam.
-
A self-fulfilling prophecy. Now team red gets to be the drive-by media's whipping post and object of overblown security hype and hoopla. Sigh... I suppose the OCD kiddos always need a crisis of some kind.
-
http://forum.notebookreview.com/thr...ga-polaris-gpus.799348/page-414#post-10694963
http://forum.notebookreview.com/thr...ga-polaris-gpus.799348/page-414#post-10694917
-
Alleged AMD Zen Security Flaws Megathread
https://www.reddit.com/r/Amd/comments/845w8e/alleged_amd_zen_security_flaws_megathread/
" The Accusers:
AMDFlaws
Viceroy Research
Media Articles:
AnandTech:
Security Researchers Publish Ryzen Flaws, Gave AMD 24 hours Prior Notice
Guru3D:
13 Security Vulnerabilities and Manufacturer 'Backdoors Exposed' In AMD Ryzen Processors
CNET:
AMD has a Spectre/Meltdown-like security flaw of its own
TPU:
13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors
Phoronix:
AMD Secure Processor & Ryzen Chipsets Reportedly Vulnerable To Exploit
HotHardware:
AMD Processors And Chipsets Reportedly Riddled With New Ryzenfall, Chimera And Fallout Security Flaws
[H]ardOCP:
AMD CPU Attack Vectors and Vulnerabilities
TomsHardware:
Report Claims AMD Ryzen, EPYC CPUs Contain 13 Security Flaws
Breaking Down The New Security Flaws In AMD's Ryzen, EPYC Chips
Motherboard:
Researchers Say AMD Processors Have Serious Vulnerabilities and Backdoors
Other Threads:
- 13 Major Vulnerabilities Discovered in AMD Zen Architecture, Including Backdoors
- Security researchers publish Ryzen flaws, gave AMD 24 hours prior notice
- There seems to be a very well coordinated attack on AMD and its stock happening right now
- CNBC reporter backtracking on reporting AMD CPU flaws
- These AMD "security flaws" reported seem to be ludicrous.
- Anybody heard of these people before?
- AMD security flaw found in Ryzen, EPYC chips
- Some background information on the new AMD security vulnerabilities
- How "CTS Labs" created their offices out of thin air
- Linus Torvalds talks about CTS Labs / Ryzen Flaw
- The only the only thing that really concerns me is this Tweet by Dan Guido.
- Goddamnit, Viceroy again?!
CNBC Reporter was to discuss the findings of the CTS Labs report
He provided an update saying it is no longer happening
AMD's Statement via AnandTech:
At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings
Second AMD Statement via AMD IR:
We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise. We will update this blog as news develops.
How "CTSLabs" made their offices from thin air using green screens!
We have some leads on the CTS Labs story. Keep an eye on our content. - Gamers Nexus on Twitter
Added some new updates, thanks to motherboard. dguido from trailofbits confirms the vulnerabilities are real. Still waiting on AMD. CTS-Labs has also reached out to us to have a chat, but have not responded to my email. Any questions for them if I do get on a call - Ian Cutress, Anandtech on Twitter
Linus Torvalds chimes in about CTS:
Imgur
Google+
Paul Alcorn from TomsHardware has spoken to CTS, article soon!
Twitter Thread by Dan Guido claiming all the vulnerabilities are real and they knew a week in advance
Goddamnit, Viceroy again?! (Twitter Thread)
@CynicalSecurity, Arrigo Triulzi (Twitter Thread)
I'm off for tonight, updates will continue tomorrow
More news will be posted as it comes in."
Wow, pretty in depth, lots of info...
-
"Intel had no involvement in the CTS Labs security advisory." - Intel statement to GamersNexus
Assassination Attempt on AMD by Viceroy Research & CTS Labs, AMD "Should Be $0"
By Steve Burke & Patrick Lathan Published March 13, 2018 at 9:48 pm
https://www.gamersnexus.net/industry/3260-assassination-attempt-on-amd-by-viceroy-research-cts-labs
-
Suspicious AMD Ryzen Security Flaws, We’re Calling BS
13 AMD Security Flaws
Awesome Hardware #0142-A: An AMD Hitjob (Starts at 03:00)
-
I'd like to wait and see what AMD has to say to these alleged vulnerabilities. until then, it's a bit too quick to cry "fake news!" imho.
this is the central problem in today's news: everyone just bashes forward and makes up his / her own opinion as "hard facts", not willing to wait such a LONG TIME for actual verification. cuz by then, it's already "old news" and "boring"
what I do agree on, however, is the dubious / shady way these vulnerabilities were made public. that and the way CTS Labs presents themselves doesn't really inspire trust.
still, let's wait and see first if these vulnerabilities actually pan out or not.
-
Also, this has nothing to do with AMD CPUs, it's limited to the ARM Secure processor and ASMedia chips.
If this is indeed a problem to secure physical access against, not allowing BIOS updates to be done, not allowing physical access, and not allowing privileged access, then that should already be covered by physical security.
These "flaws" aren't on the level of the Spectre and Meltdown (on Intel CPUs, and fractionally on AMD CPUs), or the Hyperthreading flaw (Intel CPU).
The backlash of dismissive responses has to do with the companies involved appearing as though they are staging these otherwise non-critical security issues as being the downfall of AMD and how they can profit from it by managing the salaciousness of the presentation.
24 hours notice to AMD for something they have been cooking up for at least 7 months is beyond shady, and earns them derisive responses, well earned.
Is there anything to it to be worried about? Not that I can see so far. Secure your AMD computer physically and limit Administrator access, access to the BIOS, and physical access to the internal hardware (inside cabinet), and you should be ok.
Tracking this can involve waiting out AMD to take things seriously enough to push out BIOS and chipset updates, if it is serious at all.
The scammers perpetrating this will get called out as they should, and if AMD stock continues to maintain or rise in price - erasing holdings into losses - that will serve them right for all this useless noise, instead of treating this seriously - if indeed there is anything serious to deal with.
As @don_svetlio said in OP, post #6 here is a good quick debunking, with section "7." of particular interest:
"7. Exploits are common sense when it comes to security
MASTERKEY: "Exploiting MASTERKEY requires an attacker to be able to re-flash the BIOS with a specially crafted BIOS update."
REBUTTAL: By the time you let an attacker install a BIOS, you are already PWND
RYZENFALL: Exploitation requires that an attacker be able to run a program with local-machine elevated administrator privileges. Accessing the Secure Processor is done through a vendor supplied driver that is digitally signed.
REBUTTAL: By the time you let an attacker have admin rights, they can do anything they want anyway!
FALLOUT: Exploitation requires that an attacker be able to run a program with local-machine elevated administrator privileges. Accessing the Secure Processor is done through a vendor supplied driver that is digitally signed.
REBUTTAL: Same as above. Not a major concern
CHIMERA: A program running with local-machine elevated administrator privileges. Access to the device is provided by a driver that is digitally signed by the vendor.
REBUTTAL: Same as above. Not a major concern."
-
Nah, no way. There is no reason for Intel to sponsor such a half-assed assassination attempt. They could afford to do it right if they actually wanted to. They won't need to do anything anyhow because it's only a matter of time before a real vulnerability is discovered. The way the drive-by media blows everything out of proportion, it will be viral within hours with no need for validation.
-
You have to remember also there were some buyout/takeover rumors as well. This could be a ruse to lower the stock costs for exactly that too.
-
https://www.reddit.com/r/Amd/comments/84das9/cts_labs_be_like/
https://wccftech.com/report-alleges-amd-ryzen-epyc-cpus-suffer-13-fatal-security-flaws/
https://www.wired.com/story/amd-backdoor-cts-labs-backlash/
https://www.securityweek.com/security-firm-under-fire-over-disclosure-amd-chip-flaws
https://glennchan.wordpress.com/201...id-from-viceroy-cts-labs-ninewells-volume-ii/
https://www.hardocp.com/news/2018/03/14/much_amddo_about_nothing/
Claiming sent POC, but it seems no one has said they have received one. Even their white paper said they will not provide one either.
https://www.techpowerup.com/242346/...a-research-package-with-proof-of-concept-code
-
Well, the only way for it to matter as far as NVIDIA is concerned would be for AMD to release a high end GPU that is actually worth a damn that can overclock really well and match or beat the 1080 Ti. As of right now, AMD really does not have a respectable horse in the GPU race and NVIDIA is an army of one.
-
don_svetlio In the Pipe, Five by Five.
This is borderline fake news - these exploits rely on either having elevated admin privileges or flashing a custom BIOS with malicious code in it. Not only that, in order to use half of these, you'd need a signed driver/firmware file from AMD themselves in order for any of this to have the slightest chance of actually executing. And once you're flashing malicious firmware or have physical access to the system/admin status then basically any system would be susceptible to attacks, be it AMD, Intel, ARM or Tegra. Hence why I've put Fake News in parentheses - because it's character assassination and fear-mongering - nothing more.
-
btw guys, anyone noticed how the icons used by CTS Labs for the four vulnerability classes are STRANGELY familiar and look ALMOST EXACTLY like the icons used in a pretty awesome Android game I've played myself named Plague Inc.?
Decide for yourself
Link 1: https://www.gamersnexus.net/media/k2/items/cache/6298409edce707e5033953f324dc58ef_XL.jpg
Link 2: https://www.imore.com/sites/imore.c.../2014/01/plagueinc-symptoms.jpg?itok=6eVD3gVw
-
don_svetlio In the Pipe, Five by Five.
At this point, if CTS turns out to be a rejected asset flip game from steam I wouldn't be that surprised.
-
We have hit a new low, for what?
The WallSt. powerful oligarchs.
First wave was that decade old flaw in Intel and the multi CPU affecting Spectre and now the AMD's Ryzen being targeted after Intel's share fell. Adding that damn Broadcom hostile takeover which has been a hell ride from Nov 2017 to Mar 2018, finally US govt realized how they are losing the game and stepped up against that to retain Qcomm and in that midst of chaos Intel's massive takeover rumor from WSJ setting an another wave.
I suspect Intel is behind this or someone indirectly related to Intel, from what I remember during the old times Intel sabotaged AMD by giving OEMs deals through backstage.. Vice versa for the damn Meltdown - OPINION
Damn that Ngreedia GPP B$. WTH is going on?!
O/T -
News of the year !
Was worried that Broadcom/AVGO would instantly sell the crucial assets and sell off the patents and discard the licensing business by selling and finish that massive debt of $100+Bn. Glad that It had happened, US finally got hold of how CN is leading in the Semi industry, look at TSMC's recent projects and they build the A series chips, Nvidia chips on 12nm FFN and 3nm is in their pipeline while GoFlo (Arab corp owned) is bleeding due to EUV investment, Samsung's dominance over Intel (NA corp), only other player left for NA is WD+SanDisk and Toshiba's fab, along with Xilinx.
Also Intel's mulling over the Broalcomm was too dangerous. So is the new Chinese Huawei's dominance in tech communication sector. They followed Apple on blasting Qcom, because they had the leverage from MOFCOM for the NXP deal & Apple has $900Bn marketcap over these puny companies, Intel has $244Bn, Qcom+AVGO will have more than that. Also yesterday's Xi of CN's PRC voted for indefinite term for presidency that's far far like Mao's era. CN is a danger, the totalitarianism had to be put in check, with the 10% advantage of 5G essential Patents from Huawei (no IP infringement on CN grounds will ever be favorable for the rest of the world companies so no one challenges them, look how Apple bends to their will, the latest iCloud data was given to the CN's GCBD and the VPN ban. Tim Cook fleecing their customers) their dominance would have hindered one of the greatest American jewel of innovation. Apple is the highest beneficiary if this deal went through because Broadcom has strong ties with Apple and the IP business going down will allow them to buy massive tech and undermine the competition.
Centriq ARM processor division would have died immediately and instantly and for Android userbase the SoC's prized Adreno, X50 advancements, CAF would have been diluted. Similar to the Broadcom's & LSI's divisions being cut off I know that Qcom is involved in predatory practices but the Apple's one was far far more dangerous. Read about the Infineon deal and Wimax on the iPhone 2G with Qualcomm's forced STP involvement (the price that Apple should pay was clear than ever, because Qcom invented and paved way for the CDMA LTE that Verizon and Sprint use along with 18 Month lead in this sector, Intel XMM 8k series now started to begin thus Apple attacked Qcom, not new to Apple considering the poaching and abandonment of the Imagination Tech, GTAdvanced and Dialog Semi. Apple always sneaks off silently perhaps due to their sheer performance in stocks, that Berkshire Hathaway's Mr. Warren is now a BOD). Broadcom's M&A business model would instantly make a massive hole in the R&D role that Qualcomm plays and reaps benefits. After Broadcom and Brocade's loss this was going to be huge to AVGO.
Really glad that happened. Nov 2017 to March 2018. The bloody battle ends now, of course the toll was Mr. Paul Jacobs stepping down from his own company which his father Irwin Jacobs founded.
Reason I root for Qcomm despite the evildoings because after TI's OMAP left the field and Exynos shut its doors past SGS III there's no one in the Android SoC industry reaching to that mark, Qualcomm did unfair practices like killed the Nexus 5's SD800 Vulkan driver release and stopped its advancement (Google's CTS mandates for Android v7) due to multitude of reasons. All of the CAF advancements would have been drained off, Exynos, Kirin don't stand a chance against the developer friendly Snapdragon platform.
-
I suspect they used Manufacturing mode to test them.
-
After what Intel had done in the past and now nvidia trying to repeat the same thing, I wouldn't be surprised if a ghost company was set up to pay/back this fake news.
-
https://www.digitaltrends.com/computing/amd-ryzenfall-vulnerabilties/
Has AMD come out and said that these are not real yet?
-
Rare occasions each, but put together altogether nothing to panic about, so the noise created by the scammers putting this out as a tool to reap financial windfall from the damage done is the real problem, the real exploit.
AMD – The Obituary
https://viceroyresearch.org/2018/03/13/amd-the-obituary/
Keep reading and watching what's posted here and learn about the real "fake news" scam that's the point of the thread.
-
The people trying to make money off this, Ugh......
https://www.biznews.com/undictated/2018/03/15/viceroy-buddy-amd-cts-labs/
https://www.fool.com/investing/2018/03/14/chip-flaws-could-be-big-trouble-for-amd.aspx
-
RESEARCHERS POINT TO AN AMD BACKDOOR—AND FACE THEIR OWN BACKLASH
ANDY GREENBERG, 03.13.18 03:41 PM
https://www.wired.com/story/amd-backdoor-cts-labs-backlash/
"All of which adds up to a confusing package: The company's hyped-up marketing around its findings merit some extra scrutiny. But whatever its motives, the CTS research seems to be largely valid. For anyone whose PC or server contains a potentially backdoored AMD chip, it's worth not letting doubts about the messenger get in the way of the message."
Wired are saying the same as we've all concluded, the hacks are doing something, whether mitigation is easy or difficult to fix, it's too soon to panic.
Google, Intel, AMD, and Microsoft had 6 months to react to Spectre and Meltdown, and so far not a lot of progress has been made.
24 hours, now going on 48 is hardly enough time to react and release fixes, as they are necessary for complete mitigation.
And, as Wired said:
- "However bad the AMD discoveries may be, they're nowhere near on the level of the industry-shaking Meltdown and Spectre vulnerabilities
- The most remarkable thing about Meltdown and Spectre? Four groups of researchers found the years-old bugs at around the same time
- That, and fixing them remains a bit of a train wreck"
As far as I am concerned whipping things up into as damaging a fake panic as possible - with transparent motives to use that panic to generate profits - going so far as to ranting apocalyptically in their claims is enough of a reason to discount their pretense of carefully constructed "faults".
By having Administrator access, physical access to flash a custom BIOS, and be able to load a signed custom driver, you could construct a terrible list of "faults" for Intel as well.
As a driver writer, you can make the hardware API do what you want, well outside the allowed / locked in capabilities as shipped to consumers.
I know this isn't easy to comprehend without having written device drivers, but it's how control is given and hardware and software are shaped and put in a form to be used.
Given unimplemented features, inaccessible or unused op codes or features, as a device driver writer you could enable those operations in many chipsets to do what you want.
I'm looking forward to AMD's "fixes" responses.
-
That is it, I do not think a fix can be in. How can AMD, or any other hardware manufacturer, stop someone with access to create and load a custom BIOS that has full admin rights that also has created a custom signed driver? It's just so laughable a scenario, at this point Humpty Dumpty has already fallen off the wall and his shell is demolished!
-
So to another question here, since Linux does not use signed drivers is it not affected?
-
Maybe it's time to change a bit on thread title. "Fake News" ain't correct. It's what it is... Detected vulnerability flaws. Milk money on stock trading or not. The flaws are still real no matter how you turn it.
-
don_svetlio In the Pipe, Five by Five.
I think proof-of-concept code is needed before we can call them real, though. A 1337 BIOS image is not really proof of anything.
-
"Do these vulnerabilities require the ability to sign a driver?
No. Our proof-of-concept exploits rely on an already-signed driver supplied by the vendor."
-
So the guy in those articles stating he has tested their PoC is lying? I think he's a well known security expert. I don't think for the normal user that you have anything to worry about, and just like the Meltdown and Spectre exploits, I do feel all of this is overblown. Still a vulnerability is a vulnerability and shouldn't just be immediately dismissed because the company went about it in a shady way or has a financial interest in a competitor.
If these exploits were indeed fake, AMD would have already issued a statement saying so.
-
Since the vendor has not been given time to respond I have to leave the title as is. Once they can confirm the validity of the claims we can adjust accordingly. At the moment it is fake as all it is, is just fear mongering, not a responsible dialog between two entities.
-
https://www.extremetech.com/computi...ith-amd-security-disclosures-digs-deeper-hole
https://pokde.net/news/amds-security-flaw-disclosure-by-cts-labs-under-fire/
Oh yeah, I trust these guys. Everything expressed is opinion, not fact! Where have we heard that?
https://www.cnbc.com/2018/03/12/reu...ys-viceroys-prosieben-report-broke-rules.html
CTS Labs Make Mountains Out of Molehills over Minor Secondary Vulnerabilities
Discussion in 'Hardware Components and Aftermarket Upgrades' started by don_svetlio, Mar 13, 2018.