Posted on 03/13/2018 1:53:20 PM PDT by bitt
Security researchers said Tuesday they discovered flaws in chips made by Advanced Micro Devices that could allow hackers to take over computers and networks.
Israeli-based security firm CTS Labs published its research showing "multiple critical security vulnerabilities and exploitable manufacturer backdoors" in AMD chips.
CTS itemized 13 flaws, saying they "have the potential to put organizations at significantly increased risk of cyberattacks."
The report comes weeks after Intel disclosed similar hardware-based flaws dubbed Meltdown and Spectre, sparking widespread computer security concerns and a congressional inquiry.
CTS said the newly discovered flaws could compromise AMD's new chips that handle applications in the enterprise, industrial and aerospace sectors, as well as consumer products.
In a 20-page white paper, the researchers said the AMD Secure Processor, the gatekeeper responsible for the security of AMD processors, contains "critical vulnerabilities" that "could allow malicious actors to permanently install malicious code inside the Secure Processor itself."
"These vulnerabilities could expose AMD customers to industrial espionage that is virtually undetectable by most security solutions," the researchers said.
CTS said AMD's Ryzen chipset, which AMD outsourced to a Taiwanese chip manufacturer, ASMedia, "is currently being shipped with exploitable manufacturer backdoors inside."
This could allow attackers "to inject malicious code into the chip" and create "an ideal target" for hackers, the researchers said.
"CTS believes that networks that contain AMD computers are at a considerable risk," the report said.
"The vulnerabilities we have discovered allow bad actors who infiltrated the network to persist in it, surviving computer reboots and reinstallations of the operating system.
(Excerpt) Read more at securityweek.com ...
There is a world of difference between discovering a flaw in any architecture, and claiming that the manufacturer deliberately left known backdoors in a product.
This looks like PR spin rather than a reasoned report on AMD engineering.
All complex products will have a “flaw” discovered at some point, if only through new research directly into exploiting the hardware.
When I read this line in the statement, I had to check to see if Intel owned CTS.
My understanding is that AMD is under attack from Wall Street Boogey Men. Stock closed up on Tuesday after an Extremely Volatile session. I have said in the past that AMD is guilty of Intel’s crimes
Ryzen
Ryzen is an AMD brand for microprocessors. The brand was introduced in 2017 with products implementing their Zen microarchitecture.
First Ryzen-branded products were officially announced during AMD’s New Horizon summit on December 13, 2016. Wikipedia
Waitin and waitin and waitin for somebody to show one of these flaws hitting an IBM machine...
And waitin and waitin and wai...
The article says the vulnerabilities affect the “AMD Secure Processor.” Folks, that’s only used in special chips corporations use to remotely manage their computers. Normal and high-end chips don’t have this.
From AMD:
“AMD Secure Processor is currently only available on select AMD A-Series and AMD E-Series APUs.”
YAY!!
The View from Our Corner of The StreetWe have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise. We will update this blog as news develops.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.