Intentionally splashing dirty water? AMD Official Response Zen Security Vulnerability
AMD has made an official response to this, saying that it has never heard of the company CTS-Labs. These loopholes have not been reported to AMD in advance, and officials are conducting investigations and analysis. In addition, there were many doubts about this matter, and foreign authoritative media such as AnandTech also raised various questions.
The CTS-Labs, a security agency from Israel, suddenly exposed the material and claimed that there were four groups of 12 high-level security flaws in the AMD Zen architecture processor, involving Ryzen and EPYC's full range of products.
AMD published a copy of this for the first timeOfficial statement:
"We have just received a report from a company called CTS-Labs, claiming that there may be security holes in our particular processor products." We are actively conducting investigations and analysis. The company, AMD, has never heard of it, and it is unusual that the security agency directly disclosed its findings to the media without giving AMD reasonable time to investigate and resolve the issue. Security is the primary responsibility of AMD. We continue to work hard to ensure the safety of our customers and respond to new security threats. We will announce the first time if there is any follow-up progress. ”
It can be seen that AMD was caught off guard because of sudden incidents, especially if these loopholes were found not to be notified in advance and given a quiet period of 90 days according to industry practice, and it is impossible to fully confirm the authenticity of these loopholes.
Even if there are really loopholes, this matter seems very strange.
Foreign authoritative hardware mediaAnandTechIn reporting this matter, it first put forward a series of queries:
1. CTS-Labs gave AMD only 24 hours to know where the problem was. The industry standard was to contact the company concerned in advance after the vulnerability was discovered, and it would take 90 days for it to be open to the public so that the solution could be fixed. Disclosure of technical details of loopholes.
2. Prior to informing AMD and disclosure, CTS-Labs first contacted some media to inform them of the situation.
3. CTS-Labs was just established in 2017 and its qualifications are still light. This is just their first public safety report and it has not disclosed any of its customers.
4. CTS-Labs does not have its own official website. The announcement of this loophole has specifically established a website called AMDFlaws.com, or just registered on February 22.
5. Looking at the layout of the website, it looks like it has been prepared in advance for a long time and has not considered AMD's response.
6. CTS-Labs also employs a public relations company to respond to industry and media contacts. This is not a normal security company style.
AnandTech sent an e-mail inquiry to CTS-Labs for these questions and has not received any response.
Many people may be compared to the Meltdown, Spectre Ghost Vulnerabilities that have recently been buzzing, but the latter has long been recognized by authoritative security groups such as Google, and has been the first time with Intel, AMD, ARM, Microsoft, Amazon, and Amazon. And so on, related companies in the industry have made contact and communication to solve the problem. Finally, media explosions are accidental exposures, and it was very close to the lifting of the ban.
It is also worth noting that the vulnerabilities of this exposure are all related to the security coprocessor (ARM A5 architecture module) and chipset (Xiao Shuo outsourced to AMD) of the AMD Zen processor, and the Zen microarchitecture itself. No relationship, not a core level issue.
There are also media reports that if an attacker wants to exploit these vulnerabilities, he must obtain administrator privileges in advance before he can install malicious software through the network. The degree of harm is not the highest, and belongs to the second-class vulnerability.
In the past year, AMD processors can be said to be in full swing and have been making rapid progress in various fields, gaining widespread recognition from the industry and users. Now that the second-generation Ryzen CPU is about to be released, suddenly there is such a very strange loophole. What's behind the unknown story? It is really worth pondering.
As we progress, we will continue to pay attention.
Israel’s security agency CTS-Labs exposed a fierce blitz claiming that AMD Zen architecture processor has four groups of 12 high security vulnerabilities involving Ryzen and EPYC across the board.
The Israeli security company CTS-Labs found that there are as many as 12 high security vulnerabilities in the AMD Zen CPU architecture, which are no less harmful than fuses and ghost holes.
These vulnerabilities affect AMD Ryzen desktop processor, Ryzen Pro enterprise processor, Ryzen mobile processor, and EPYC data center processor. Different vulnerabilities correspond to different platforms, 21 of which have been successfully used, and 11 of which have been utilized. Possible.
The use of these vulnerabilities can cause a number of serious harms to the AMD Zen platform, including: controlling the Ryzen/EPYC security processor, controlling the Ryzen motherboard, infecting AMD processors with malware, stealing corporate network sensitive information, bypassing almost all terminal security software, Causes physical damage to the hardware.
These vulnerabilities fall into four categories:
It includes three loopholes that affect Zen Architecture's full range of products. It exists in the Secure Boot feature. It can modify the system BIOS with a special Ring 0 privilege level software to bypass security checks.
The reason for this vulnerability is that AMD Zen's architecture-integrated security processor (a 32-bit Cortex-A5 architecture module) does not use its own separate physical memory space, but rather shares system memory.
Including four vulnerabilities, the full range of Ryzen is affected, as opposed to the Zen security processor, which can lead to the disclosure of public and private keys and execute at the chip level due to flaws in the design of security processors and integrated memory controllers.
In addition, the vulnerabilities can also bypass Windows Defender Credentials Guard, which is used to save and authenticate passwords, as well as other security features, and can even be used to spread to other computers.
There are three vulnerabilities that can open up the virtual machine and the host. The attack object is the server-level EPYC.
Including two vulnerabilities, it is not a processor but a matching 300 series chipset. Researchers have found that a keylogger can be inserted into the chipset through the network, and then through the motherboard BIOS, because it is stored in an 8-pin serial ROM connected to the chipset.
Researchers have published relevant loopholeswhite paper, but hidden technical details for protection purposes, but also gives solutions, AMD has 90 days to repair them.