
Disaster: Researchers find 13 security flaws in AMD's Ryzen/Epyc chips, including CPU level malware

Most involve "security processor" hacks, think like the Intel ME exploits.

Discussion in 'Articles & Happenings' started by CIA Nigger, Mar 13, 2018.


  1. https://archive.fo/x4F2N

    Researchers have discovered critical security flaws in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices.

    Particularly worrisome is the fact that the vulnerabilities lie in the so-called secure part of the processors -- typically where your device stores sensitive data like passwords and encryption keys. It's also where your processor makes sure nothing malicious is running when you start your computer.

    The majority of these vulnerabilities require administrative access to work, meaning that an attacker would need to have control of your machine through some type of malware first. But even with administrative access, putting the malware on the secure processor itself has a higher potential for damage that a normal attack wouldn't.

    CTS-Labs, a security company based in Israel, announced Tuesday that its researchers had found 13 critical security vulnerabilities that would let attackers access data stored on AMD's Ryzen and EPYC processors, as well as install malware on them. Ryzen chips power desktop and laptop computers, while EPYC processors are found in servers.

    The researchers gave AMD less than 24 hours to look at the vulnerabilities and respond before publishing the report. Standard vulnerability disclosure calls for at least 90 days' notice so that companies have time to address flaws properly. For comparison, Google's researchers gave Intel six months to fix issues related to Spectre and Meltdown.

    Disclosing a vulnerability to the public without giving a company enough time to fix it can be irresponsible, as it leaves the flaws open for attackers to use without giving companies enough time to fix it. Imagine somebody telling your entire neighborhood there's a hole in your fence just 24 hours after letting you know.

    "At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings," an AMD spokesman said.

    Skeptics have also criticized CTS-Labs' legal disclaimer, which noted that the researchers might have something to gain from the unorthodox disclosure method.

    "Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports," the disclaimer said.

    CTS-Labs did not respond to a follow-up email asking what financial gains it would have from the research's report.

    The revelation of these vulnerabilities comes after the emergence of Meltdown and Spectre, security flaws that affected Intel and Arm chips, which affected a huge number of PCs dating back two decades. According to researcher Statista, 77 percent of computer processors are from Intel, while AMD accounts for 22 percent.

    When the Meltdown and Spectre flaws were revealed in January, AMD said it was not affected because of the differences in its architecture.

    These new security vulnerabilities break down into four categories, according to CTS-Labs co-founder and Chief Financial Officer Yaron Luk-Zilberman. All essentially allow an attacker to target the secure segment of a processor, which is crucial to protecting the sensitive information on your device.

    Security researchers also criticized the published white paper for lacking any technical details describing the vulnerabilities. CTS-Labs said they sent their technical report to Dan Guido, an independent security researcher and the CEO of Trail of Bits.

    He said the company sent him the details last week, and noted that they were legitimate threats.

    Guido also said CTS-Labs paid him the company's "week rate for the work."

    "You're virtually undetectable when you're sitting in the secure processor," Luk-Zilberman said. "An attacker could sit there for years without ever being detected."

    Here's a breakdown:

    Master Key
    When a device starts up, it typically goes through a "secure boot" process. It uses your processor to check that nothing on your computer has been tampered with, and only launches trusted programs.

    The Master Key vulnerability gets around this startup check by installing malware on the computer's BIOS, part of the computer's system that controls how it starts up. Once it's infected, Master Key allows attackers to install malware on the secure processor itself, meaning they'd have complete control of what programs are allowed to run during the startup process.

    From there, the vulnerability also allows attackers to disable security features on the processor.

    Ryzenfall
    This vulnerability specifically affects AMD's Ryzen chips and would allow malware to completely take over the secure processor.

    That would mean being able to access protected data, including encryption keys and passwords. These are regions on the processor that a normal attacker would not be able to access, according to the researchers.

    If attackers can bypass the Windows Defender Credential Guard, they could use the stolen data to spread to other computers within a network. Credential Guard is a feature for Windows 10 Enterprise, which stores your sensitive data in a protected section of the operating system that normally can't be accessed.

    "The Windows Credentials Guard is very effective at protecting passwords on a machine and not allowing them to spread around," Luk-Zilberman said. "The attack makes spreading through the network much easier."

    Fallout
    Like Ryzenfall, Fallout also allows attackers to access protected data sections, including Credential Guard. But this vulnerability only affects devices using AMD's EPYC secure processor. In December, Microsoft announced a partnership with for its Azure Cloud servers using EPYC processors.

    "Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. Our standard policy is to provide solutions via our current Update Tuesday schedule," a Microsoft spokesperson said.

    These chips are used for data centers and cloud servers, connecting computers used by industries around the world. If attackers used the vulnerabilities described in Fallout, they could steal all the credentials stored and spread across the network.

    "These network credentials are stored in a segregated virtual machine where it can't be accessed by standard hacking tools," said CTS-Labs CEO Ido Li On. "What happens with Fallout is that this segregation between virtual machines [is] broken."

    Segregated virtual machines are portions of your computer's memory split off from the rest of the device. Researchers use them to test out malware without infecting the rest of their computer. Think of it as a computer inside your computer.

    With Credential Guard, sensitive data is stored there and protected so that if your computer was infected by normal malware, the malware wouldn't be able to access that data.

    Chimera
    Chimera comes from two different vulnerabilities, one in firmware and one in hardware.

    The Ryzen chipset itself allows malware to run on it. Because Wi-Fi, network and Bluetooth traffic flows through the chipset, an attacker could use that to infect your device, the researchers said. In a proof-of-concept demonstration, they said, it was possible to install a keylogger, which would allow an attacker to see everything typed on an infected computer.

    The chipset's firmware issues mean that an attack can install malware onto the processor itself.

    "What we discovered is what we believe are very basic mistakes in the code," said Uri Farkas, CTS-Labs vice president of research and design.

    What should I do?
    It's unclear how long it will take to fix these issues with AMD's processors. CTS-Labs said it hasn't heard back from AMD. The researchers said it could take "several months to fix." The vulnerabilities in the hardware can't be fixed.

    Intel and Microsoft are still managing patches for Meltdown and Spectre, and the fixes have ended up causing problems, including slower performance on affected computers. These new vulnerabilities could mean similar headaches for AMD-powered devices.

    "Once you're able to break into the security processor, that means most of the security features offered are broken," Li On said.
     
    CIA Nigger

  2. AMD is for poor people.
     
    CWCchange

  3. Management Engines were a mistake.
     
    xxXDxx

  4. The sheer incompetence of this shit is infuriating. At least get the fucking hardware right!

    Or is everything really hackable at some level? :thinking:
     
    frozenrunner

  5. Intel had similar exploits months back on the same "management engine" part of the CPU.
     
    CIA Nigger

  6. I'm cynical. I immediately assumed Intel bankrolled this research.
     
    frozenrunner

  7. Is there a reason anyone is paying attention to a firm that started up a half hour after the Intel exploits were announced and may or may not employ 3 people?
     
    Oh Long Johnson

  8. I remember a time when CPUs weren't things that could be infected with malware.
     
    ToroidalBoat

  9. And they fixed it immediately.
     
    autism420

  10. The consensus is that the bugs are real but all nowhere near the level of Meltdown.

    CPU exploits have been a thing for some time now, just look at the famous Reset Glitch Hack for the Xbox 360, or how lately console hacks have involved exploiting the burnt in boot firmware.
     
    CIA Nigger

  11. Just when you thought it was safe to go to AMD after the Intel fiasco.... :thinking:
     
    Koby_Fish

  12. While this would leave some of us Ryzen owners worried, the idea that they could be doing this for Intel wouldn't be surprising.
     
    c-no

  13. I don't even have to check /g/ to know what half the threads are about tonight.
     
  14. Speaking of /g/
    thunkful.jpg

    interesting
    Makes them a bit less credible to me
    but appearances aren't everything, so we'll see how this turns out

    edit - also:
    thunkful 2.png

    there's more things in the thread but i've gotta go so here you are:
    https://boards.4chan.org/g/thread/65088485#q65088485
     
    #14 Polish Hot Dog (spicie), Mar 13, 2018
    Last edited: Mar 13, 2018
  15. Intels are insecure.
    AMDs are insecure.

    [​IMG]

    Before the home computer?
     
    #15 MarvinTheParanoidAndroid, Mar 13, 2018
    Last edited: Mar 13, 2018
  16. Wait, hold on, correct me if I'm wrong, but I believe infecting the BIOS means they'd have to refresh the motherboard while it was on, which means they'd have to risk damaging or breaking it to make the infection possible in the first place. This infection process has a higher chance of just bricking the computer than it does gaining access. This just puts their credibility all the more into question, honestly.

    Lol, I knew it.
     
    MarvinTheParanoidAndroid

  17. With Jews you always lose.
     
    vertexwindi

  18. I thought this was sketchy from the beginning. We might have nothing but a purely theoretical exploit on our hands. Still bad, but a lot less scary for home users.
     
    Splendid Meat Sticks
