1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News AMD investigating claimed Ryzen, Epyc security flaws

Discussion in 'Article Discussion' started by bit-tech, 14 Mar 2018.

  1. bit-tech

    bit-tech Supreme Overlord Lover of bit-tech Administrator

    Joined:
    12 Mar 2001
    Posts:
    3,676
    Likes Received:
    138
    Read more
     
  2. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    3,909
    Likes Received:
    591
    I don't think anyone seriously believes the method and language of disclosure was intended as anything other than an AMD smear (or if they do; I've got this bridge you may be interested in buying...) but from reports in Ars and Anandtech the supposed exploits have been verified as viable by more reputable third parties. While requiring root somewhat limits the usefulness of these attacks, they are still extremely dangerous to anyone who possesses a zero-day root explot to a host OS or has physical access to the device (e.g. during transport), or even just an unpatched system. The problem is that once you have backdoored the Secure Environment or the PCH, you own the system without even an unexploited OS being aware of it.
    i.e. if you're worried about a cryptolocket-like messing with your files these aren;t much of a concern, but if you're worried about APTs this is some seriously bad juju.
     
    MLyons likes this.
  3. MLyons

    MLyons 70% Dev, 30% Doge. DevDoge. Software Dev @ Corsair Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    4,174
    Likes Received:
    2,732
    I mean if you've already got root then unless it's going to physically brick my hardware I don't really care. It's such a sketchy situation. Most malware uses an SE elevation anyway. Stuff like Zeus didn't even need admin if I remember correctly.
     
  4. .//TuNdRa

    .//TuNdRa Resident Bulldozer Guru

    Joined:
    12 Feb 2011
    Posts:
    4,046
    Likes Received:
    109
    Further to that - Doesn't all of this more or less revolve around Flashing exploited firmware onto the Hardware? So you have to edit and Digitally Sign Bios Files in order to get your malicious code in, Plus Digitally signed drivers by the Motherboard Vendor and other bits?

    If you are going to those extents to Own a machine; you're after a single dedicated target, and if you're already managing to spoof/override digital signing; there's no reason this exact same attack wouldn't work on any other machine that uses Digitally Signed Bios, AMD, Intel or otherwise.

    I think Linus Torvalds' response was the best; "Turns out if you replace Bios or Microcode with Evil versions; you might have a security issue"
     
  5. Corky42

    Corky42 Where's walle?

    Joined:
    30 Oct 2012
    Posts:
    9,648
    Likes Received:
    388
    So what happens if this turns out, as is likely IMO, to be nothing more than BS intended to gain financial.

    Can AMD sue, would some market authority get involved, will there be any repercussions.
     
  6. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    3,909
    Likes Received:
    591
    That's the idea, the claimed exploit is that that protection can be bypassed (and the attacks against the SE are specifically ones that do NOT require BIOS flashing).

    Let's use the house analogy:
    A Root Exploit is where it turns out your front door lock is made of cheese and anyone who pokes it with a stick can gain entry. Once inside, they can rummage through your stuff (e.g. a RAT), or just break things (e.g. Cryptolocker), but it's obvious once you actually look that they are there and have done bad stuff.
    These exploits are like somebody breaking in, and then hiding themselves inside your walls. You can't see them or know they were ever there, you can replace all your locks without effect, but they still have undetectable access to everything.
     
  7. fix-the-spade

    fix-the-spade Multimodder

    Joined:
    4 Jul 2011
    Posts:
    5,482
    Likes Received:
    1,267
    Unlikely that they could get anything worthwhile from what appears to be a two man limited company founded in Isreal less than a year ago.

    Even if they could prove some kind of foul play recovering any kind of damages from across the Atlantic would be nigh impossible and the company could simply fold. At best they could get a written admission of guilt, which would be pretty much moot as well if they already fixed or disproved the vulnerabilities.
     
  8. DbD

    DbD Minimodder

    Joined:
    13 Dec 2007
    Posts:
    519
    Likes Received:
    14
    The company in question has released real threats so while it's a scummy move designed to allow them to short sell AMD stock and make money I'm guessing it's probably not illegal as they've got real exploits. Hence they make their money and move onto their next target.

    As for the exploits, they don't seem easy to use (most need bios access) but that doesn't mean AMD won't have to fix them. An obvious way of using them is to intercept a new machine, put your exploit into the trusted execution engine and let it continue on it's way. Unless the company is flashing every bios it gets (and most don't) then you've got your compromised machine inside the company firewall, undetectable by any software, and from their you can attack other machines, and so on...
     
  9. edzieba

    edzieba Virtual Realist

    Joined:
    14 Jan 2009
    Posts:
    3,909
    Likes Received:
    591
    Some of the exploits are actually more insidious than that: the SE attack is per-CPU rather than per-motherboard, so flashing the BIOS will not evict the exploit.
     
  10. MLyons

    MLyons 70% Dev, 30% Doge. DevDoge. Software Dev @ Corsair Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    4,174
    Likes Received:
    2,732
    Same flaw also works against Intel chips soooo.....
     
  11. Vault-Tec

    Vault-Tec Green Plastic Watering Can

    Joined:
    30 Aug 2015
    Posts:
    14,851
    Likes Received:
    3,654
    So do these :D

    https://usbkill.com/
     
  12. Gareth Halfacree

    Gareth Halfacree WIIGII! Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    4 Dec 2007
    Posts:
    17,066
    Likes Received:
    6,610
    SO DOES A HAMMER.

    Hooray for hammers!
     
    Vault-Tec likes this.
  13. Vault-Tec

    Vault-Tec Green Plastic Watering Can

    Joined:
    30 Aug 2015
    Posts:
    14,851
    Likes Received:
    3,654
    :D haha "Can I just get access to your PC with this VERY LARGE HAMMER?"
     
  14. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    15,395
    Likes Received:
    2,992
    Anything can be achieved with the correct application of the correct hammer...
     
  15. Anfield

    Anfield Multimodder

    Joined:
    15 Jan 2010
    Posts:
    7,058
    Likes Received:
    969
    While that wouldn't be a particularly sophisticated attack vector it does come very close to the truth how most successful attacks are pulled off, the meatsack at the keyboard allowing access either due to ignorance or being talked into it is the single biggest IT security issue.
     
  16. MLyons

    MLyons 70% Dev, 30% Doge. DevDoge. Software Dev @ Corsair Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    4,174
    Likes Received:
    2,732
    Cant patch the end user. Unfortunately
     
  17. RedFlames

    RedFlames ...is not a Belgian football team

    Joined:
    23 Apr 2009
    Posts:
    15,395
    Likes Received:
    2,992
    [​IMG]
     
  18. MLyons

    MLyons 70% Dev, 30% Doge. DevDoge. Software Dev @ Corsair Lover of bit-tech Administrator Super Moderator Moderator

    Joined:
    3 Mar 2017
    Posts:
    4,174
    Likes Received:
    2,732
    I'll see if the same method works when I next get a bug report. "Sorry boss. User's PC was smashed by a balaclava wearing doge wielding a hammer. No idea what happened" *Ticket closed
     
Tags: Add Tags

Share This Page