Security Market Segment LS
Wednesday, 14 March 2018 07:17

Israeli firm dumps AMD flaws with 24 hours notice Featured


Security researchers from a previously unknown Israeli company, CTS Labs, have disclosed 13 flaws in AMD processors. All can be taken advantage of only by an attacker who has already gained admin privileges within the system in question.

The flaws were published on a website, accompanied by a white paper from which technical details were redacted, in order, CTS Labs said, to prevent exploitation based on what it had decided to publicise. From archived information, it appears that the CTS Labs domain was registered in June last year. 

AMD was given 24 hours to respond though standard practice in the security community for many years has been to give a company, whose products are found to have bugs, 90 days to respond.

In most cases, disclosure after the 90-day period is a exercise which is co-ordinated between the bug finder and the company whose product is vulnerable.

Soon after the CTS Labs publication, a company named Viceroy Research issued an analysis with the dramatic headline: "AMD – The Obituary". Viceroy is reported to have three people on staff: John Fraser Perring, a 44-year-old Briton, and two Australians, Gabriel Bernarde and Aidan Lau. The company has published such sensational reports, about other industries, in the past.

The disclosure of the bugs comes a couple of months after flaws in Intel processors, known as Meltdown and Spectre, were made public. This disclosure, however came after a long period, as the initial information was provided to Intel by Google in June 2017.

The bugs themselves fall into four categories (names given by CTS Labs): Ryzenfall, Chimera, Fallen and Masterkey.

CTS Labs said that the Ryzen chipset, a new line from AMD, was being shipped with exploitable backdoors, which had come about as a result of obtaining technology from ASMedia, an outsourcing partner.

It pointed out that ASMedia, a subsidiary of ASUSTek Computer, had been penalised by the US Federal Trade Commission for not taking security seriously.

Under the Ryzenfall category, CTS Labs claimed that malicious code could be used to take over the AMD Secure Processor; privileges of this processor could be used to write into protected memory areas; Windows Credential Guard could be bypassed and network credentials stolen; and Ryzenfall could be used along with Masterkey to install persistent malware on the Secure processor.

In the Fallen category, CTS Labs listed vulnerabilities that allowed reading and writing to protected memory areas; leveraging of these flaws to steal network credentials protected by Windows Credential Guard; and bypassing BIOS flashing protections implemented in SMM.

Under the category Masterkey, CTS Labs claimed that there were a number of flaws in the firmware of the secure processor that would allow attackers to gain access to this processor; stealthy and persistent malware could reside in this area; AMD's firmware-base security features like Secure Encrypted Virtualisation and Firmware Trusted Platform Module could be tampered with; network credential theft was possible, and hardware could be physically damaged and bricked.

In the Chimera category, CTS Labs said it had found two sets of backdoors, one in firmware and one in hardware, both allowing malicious code to be injected into the Ryzen chipset; the chipset's middleman position could be leveraged for attacks; chipset-based malware could evade endpoint security solutions; and malware on the chipset could use direct memory access to attack the operating system.

All the vulnerabilities were revealed to the security firm Trail of Bits last week. Its founder Dan Guido told the Motherboard website that each of them was exploitable and worked as described. Guido was paid US$16,000 for his work as a contractor, a fact he disclosed in a tweet.

British security researcher Kevin Beaumont said in an initial technical analysis:

  • All of the bugs require administrator (or root) access to exploit. This is a significant mitigation.
  • All of the bugs require the ability to execute code. This is a significant mitigation.
  • No proof of concept code has been provided.
  • No technical information has been published.
  • Nothing is in the wild for this.
  • It could not lead to a global cyber attack like WannaCry, as it does not provide code execution.

iTWire has sought clarification from CTS Labs on various aspects of the disclosures, including matters surrounding them which have been raised by various security researchers.

AMD said in a public statement on its website: "We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors.

"We are actively investigating and analysing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings.

"At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise. We will update this blog as news develops."

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News