Flaws in AMD chips make hacks worse

A security startup called CTS-Labs made waves yesterday when it claimed to have discovered 13 critical security flaws classified into four types of vulnerabilities, each one specific to AMD's Ryzen and Eypc processor lines. The 13 different vulnerabilities affect processors found in desktops, laptops, and servers.

The report from CTS Labs is intentionally light on the exploits' details; a measure meant to stop anyone from using the alleged exploits while AMD is given the time to investigate them. While this appears to be bad news, let's leave the exact fix criteria to AMD, of which, has not responded (as of the writing of this post) to the annoucement from CTS-Labs (reportedly, the time-frame was a 24-hour notice, rather than the industry standard notification of 90 Calendar Days...). AMD says it's studying the findings and is committed to protecting its customers.

It continues: "The vulnerabilities allow malicious actors to install persistent malware inside the Secure Processor, running in kernel-mode with the highest possible permissions". AMD is now facing another big security headache, with no immediate cure available. Again, CTS-Labs unloads on ASMedia saying that while it is unaware of any of vulnerabilities being exploited in the wild, "similar vulnerabilities in other ASMedia products have been known in hardware hacking circles for several years".

Researchers normally give the chipmakers months ahead of time to fix the vulnerability before announcing it publicly, and while AMD is most likely aware of Masterkey, Ryzenfall, Fallout, and Chimera, it'll be months and months from now that they'll have a patch ready.

However, hackers will still need to do some work before they can actually exploit this vulnearbility. Potentially, if AMD had the chance to respond to the flaws before they had been made public, they may have never seen the light of day.

Just months after Meltdown and Spectre were disclosed to the public, security researchers have uncovered another set of critical processor vulnerabilities. The chip maker also took umbrage with CTS Labs for not giving proper notice before the research was published. AMD said, "We are actively investigating and analysing its findings".

CTS-Labs, a security research company which says it specializes in vulnerabilities within ASICs and other chips, has said it's discovered four potential attacks, code-named Masterkey, Ryzenfall, Fallout, and Chimera.

While redacting precise technical details from the white paper, CTS-Labs claims to have shared this with AMD and "select security companies". It's also worth noting that AMD has been made aware of the issues, as have "select security companies" that could help mitigate the fallout and USA regulators.

On top of that, a number of commentators have questioned financial links between CTS-Labs - which has no address and no landline telephone number - and investment professionals citing it and financial positions in AMD itself. And it's that CTS-Labs concocted naming/nomenclature and graphics symbolism that CTS-Labs/co-conspirators wish to use against AMD, in spite of any real or nonreal security issues that there may be.

It is also worth noting that CTS Labs is a relatively unknown player in the security world.

There's legitimate debate over just how much control big companies should exert over the publicity of their own shortcomings, but generally speaking in the interest of protecting users the convention tends to be adhered to.

AMD shares are down 1.2% to $11.38. Because CTS Labs won't release more detailed information about the vulnerabilities to the public-a wise choice, technically, if they are indeed actually easy to exploit-we won't have concrete confirmation of their existence until AMD has had a chance to examine the problem.

The disclosure is the first release by Israeli security startup CTS Labs, which was founded previous year.

(Derechos de autor © 2015. Todos los derechos reservados.)
 
Recomendado

Facebook stocks plunge amid Cambridge Analytica scandal
Many suggest this is exactly how the Trump campaign and other hazy political endeavors have been carried out. Cambridge Analytica have said the report had "grossly misrepresented" the conversations caught on camera.

Psg prefer Sarri and Luis Enrique over Conte — From France
Is Unai Emery likely to get the sack this summer? José Mourinho, Diego Simeone and Massimiliano Allegri are the other three. Notably, fourteen players on the list including six players of the top ten belong to their respective club academies.

'Let Him Burn in Hell': Religious Conservatives React to Stephen Hawking's Death
Hawking is survived by three children - Robert, Lucy and Timothy - from his first marriage to Jane Wilde, and three grandchildren. In an interview with The Guardian in 2011, Hawking also shared his view on life, death and what comes next.

Swansea boss Carvalhal not expecting weakened Spurs without Kane
Despite their limited resources, how the former Espanyol manager has turned the fortunes of the club is extremely commendable. Swansea are fighting for survival in the Premier League, Carlos Carvalhal has done a great job and it will be tough again.

Unlink your Facebook account from third-party apps with these tips
The problem is that Facebook lacks a strong policy that stops developers from selling this data to the highest bidder. Mark Warner Tuesday. "The American people deserve answers about social media manipulation in the 2016 election".

Nintendo Switch Pro Controller for $59 — Deal
Defend your idyllic island kingdom against a horde of Viking invaders, as you lead the desperate exodus of your people. There will be a speedrun mode where players can compete against their friends to complete levels in the fastest time.

Samsung Galaxy S9+ Camera: Just How Good It Actually Is
As far as the variable aperture is concerned with Sammy's flagship, you have to set it first prior to hitting the record button. Built-in storage tops out at 64GB on each of the new models, although it can be expanded with a microSD card of up to 400GB.

China pide a EU esfuerzos para "mantener la estabilidad"
Por su parte, el embajador de China en Estados Unidos , Cui Tiankai, dijo que su país no quiere una guerra comercial , "pero no le tenemos miedo".

UK parliament asks Mark Zuckerberg to testify — UPDATE
Fadden describes Facebook as a sort of "vacuum cleaner" that will take in and categorize as much information as its users give it. The company will hold an open meeting with its employees later to discuss the matter, tech news website The Verge is reporting .

Salah and Liverpool Don't Fear Man City: We've Beaten Them!
The first leg will be played at Anfield on April 4 with the return at Eastlands on April 10. The Egyptian scored a quadruple and tallied his 25th, 26th, 27th ad 28th goals this season.

Cambridge Analytica suspende a su CEO
Y luego dirigirse a ellos con personalizados anuncios políticos diseñados para influir en su particular aspecto psicológico. Para hacerlo, utilizó la aplicación " thisisyourdigitallife ", concebida y creada por el ruso Aleksandr Kogan .

Self-driving Uber car kills Arizona woman
The company suspended its test programs in San Francisco , Phoenix, Pittsburgh, and Toronto, according to The Washington Post . Video footage will aid the ongoing investigation, and the case would be submitted to the district attorney, Elcock said.

Information Commissioner forces Facebook auditors to pull out of Cambridge Analytica offices
According to the Guardian's Carole Cadwalladr, Facebook demanded to inspect Wylie's devices on Tuesday morning. Tillis declined to answer questions about Cambridge Analytica on Capitol Hill on Monday evening.

The important advice Stephen Hawking gave to his children
John Oliver , the host of " Last Week Tonight": "You've stated that there could be an infinite number of parallel universes. He leaves behind three children, Robert , Lucy and Timothy from his first marriage to Jane Wilde, and three grandchildren.

Colombia le gana 3 a 2 Francia — Remontada histórica
La selección Colombia iba 2-0 abajo en el marcador, tras los goles de Oliver Giroud y Thomas Lemar . Llegó el esperado día y el mismo vino con un resultado histórico para el fútbol colombiano .


Mas noticias

Noticias
Mas noticias