AMD is working on fixes for the reported Ryzenfall, MasterKey vulnerabilities

AMD is now developing and staging the deployment of fixes for the vulnerabilities recently discovered in the company’s processors. The news arrives by way of Senior Vice President and Chief Technology Officer Mark Papermaster, who also notes that in order to take advantage of the vulnerabilities, an attacker needs administrative access to the affected PC. At that point, they could use any attack vector to infiltrate the device beyond what was discovered in AMD’s processors. 

According to the schedule, AMD will release a firmware patch through a BIOS update for the MasterKey vulnerability on an unspecified date along with an update to the related secure processor in the “coming weeks.” AMD lists the same schedule for the Ryzenfall and Fallout vulnerabilities along with the associated secure processors. As for the Chimera issue, AMD is currently working with the Promontory chipset manufacturer to release mitigating patches through a BIOS update. 

“The security issues identified by the third-party researchers are not related to the AMD ‘Zen’ CPU architecture or the Google Project Zero exploits made public Jan. 3, 2018,” Papermaster states. “Instead, these issues are associated with the firmware managing the embedded security control processor in some of our products (AMD Secure Processor) and the chipset used in some socket AM4 and socket TR4 desktop platforms supporting AMD processors.” 

Security researchers recently uncovered a stand-alone set of critical processor vulnerabilities just months after another set of researchers disclosed the Meltdown and Spectre flaws to the public. This time Intel owners could breathe easy, as these exploits were unique to AMD’s processors, including its latest Ryzen chips. 

“The Ryzen chipset, a core system component that AMD outsourced to a Taiwanese chip manufacturer, ASMedia, is currently being shipped with exploitable manufacturer backdoors inside,” reads the whitepaper put out by CTS Labs, the company that discovered the vulnerabilities. “CTS has been researching the security of AMD’s latest Zen processors for the past six months, including EPYC, Ryzen, Ryzen Pro and Ryzen Mobile, and has made concerning discoveries.”

CTS Labs released a letter clarifying some of the technical details of the exploits, in response to some criticism that has been leveled at the security firm regarding the plausibility that these exploits could even be put to use by a malicious actor.

“The vulnerabilities described in our site are second-stage vulnerabilities. What this means is that the vulnerabilities are mostly relevant for enterprise networks, organizations and cloud providers,” CTS Labs said in a statement. “The vulnerabilities described in amdflaws.com could give an attacker that has already gained initial foothold into one or more computers in the enterprise a significant advantage against IT and security teams.”

That’s the real danger here. These exploits are unlikely to be used against you personally, but they pose a significant danger to large systems that handle sensitive data which could make appealing targets for enterprising hackers.

Disclosure dust-up

The announcement itself has generated a fair amount of controversy, as security research firm CTS Labs reportedly did not give AMD the industry-standard 90-day notice before announcing the existence of these exploits to the public.

In response, AMD released a general statement which digs at CTS Lab’s unorthodox means of disclosure. “This company was previously unknown to AMD,” the statement reads, “and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings.”

CTS Labs released its own response to the controversy in the form of a letter penned by Chief Technical Officer Ilia Luk-Zilberman. The letter outlines how CTS Labs first discovered the vulnerabilities, as part of an investigation into chip manufacturer ASMedia’s products. The letter suggests AMD inadvertently allowed the exploits to take root in its products by contracting with ASMedia for the design of Ryzen chipset components.

The speed and ease with which CTS Labs discovered these vulnerabilities, Luk-Zilberman alleges, contributed to the company’s decision to go public with the exploits well ahead of the typical 90-day window offered to companies like AMD when a serious vulnerability is discovered.

“I honestly think it’s hard to believe we’re the only group in the world who has these vulnerabilities, considering who are the actors in the world today, and us being a small group of six researchers,” Luk-Zilberman’s letter continues.

The letter goes on to describe CTS Labs’ opposition to the “responsible disclosure” norms within the cybersecurity industry. For example, when Google’s Project Zero uncovered the Meltdown and Spectre vulnerabilities, Google offered AMD and Intel a 200-day head start to get working on a patch. CTS Labs claims this relationship is bad for customers.

“I think that the current structure of ‘Responsible Disclosure’ has a very serious problem,” Luk-Zilberman said. “The main problem in my eyes with this model is that during these 30/45/90 days, it’s up to the vendor if it wants to alert the customers that there is a problem. And as far as I’ve seen, it is extremely rare that the vendor will come out ahead of time notifying the customers.”

Ryzenfall, Fallout, MasterKey, and Chimera

Before we get into what these vulnerabilities are and how they work, let’s be clear about one thing: There are no patches for these vulnerabilities as of this writing. If you’re compromised, there is not much you can do about it at the moment. If you’re running a Ryzen processor, you’ll just have to be very careful for the next few weeks while we wait for a patch.

Ryzenfall exploit chart
Chart illustrating which products are affected by which vulnerabilities, credit CTS Labs.

“Firmware vulnerabilities such as Masterkey, Ryzenfall, and Fallout take several months to fix. Hardware vulnerabilities such as Chimera cannot be fixed and require a workaround,” CTS Labs reports. “Producing a workaround may be difficult and cause undesired side-effects.”

These vulnerabilities fall into four categories, dubbed Ryzenfall, Fallout, Masterkey, and Chimera. All four lead directly into the secure portion of AMD processors, where sensitive data like passwords and encryption keys are stored, but they achieve their goals in different ways.

“Attackers could use Ryzenfall to bypass Windows Credential Guard, steal network credentials, and then potentially spread through even highly secure Windows corporate network,” CTS Lab reports. “Attackers could use Ryzenfall in conjunction with Masterkey to install persistent malware on the Secure Processor, exposing customers to the risk of covert and long-term industrial espionage.”

The real danger of these vulnerabilities is their pervasive nature. Once someone has wormed their way into the secure processor via Ryzenfall or Masterkey, they are there for good. They can set up camp and spread throughout the network virtually undetected. This is a scary prospect for individuals, but for AMD’s enterprise customers, like Microsoft, it could mean the exposure of very sensitive data to malicious actors on a large scale.

Updated on March 20: Added AMD’s firmware release schedule.

Gaming

Playing ‘Battlefield V’ on an $800 Nvidia card is stunning. And disappointing

‘Battlefield V’ is the first game to use Nvidia’s ray tracing support, now available with the RTX 2080 and 2080 Ti graphics cards. The feature can, in an ideal scenario, make the game look better, but the performance hit may not be…
Home Theater

The best movies on Netflix in November, from 'Buster Scruggs’ to ‘Dracula’

Save yourself from hours wasted scrolling through Netflix's massive library by checking out our picks for the streamer's best movies available right now, whether you're into explosive action, witty humor, or anything else.
Gaming

Your PlayStation 4 game library isn't complete without these games

Looking for the best PS4 games out there? Out of the massive crop of titles available, we selected the best you should buy. No matter what your genre of choice may be, there's something here for you.
Mobile

Samsung will reportedly announce its folding smartphone at MWC in February

Samsung has been showcasing bendable display tech for a few years and now a folding smartphone might finally arrive. The Galaxy X, or perhaps the Galaxy F, may be the company's first example. Here's everything we know about it.
Gaming

Hacker finds Steam bug that unlocks free games, collects $20K for reporting it

Security researcher Artem Moskowsky discovered a Steam bug that allowed him to generate infinite free keys for any game. Instead of abusing the exploit, Moskowsky reported it to Valve, which gave him a $20,000 reward.
Smart Home

All the best Amazon Black Friday deals for 2018

Amazon may be an online-only retailer, but that doesn’t mean its Black Friday sales are anything to sniff at. In fact, due to its online status, Amazon has huge flexibility with the range of products and deals it can offer. Here's our…
Computing

HP takes $100 off of leather-clad Spectre Folio 13 bundle for Black Friday

HP is offering a discount to Black Friday shoppers for a bundle that includes its leather-wrapped answer to Apple's MacBook Air. HP is offering a $100 discount on the Spectre Folio 13 when bundled with a mouse and leather sleeve.
Computing

Save a heap with these Black Friday 2018 graphics card deals

The Black Friday 2018 sales period is finally here and it's brought with it a tonne of great component deals. We've been scouring websites and catalogs for days to find you the best graphics cards deals for Black Friday 2018.
Deals

The best Target Black Friday deals for 2018

The mega-retailer opens its doors to the most competitive shoppers at 6 p.m. on Thursday, November 22, and signs indicate that the retailer means business this year. We've sifted through all of the deals, from consumer electronics to small…
Computing

Still miss Windows 7? Here's how to make Windows 10 look more like it

There's no simple way of switching on a Windows 7 mode in Windows 10. Instead, you can install third-party software, manually tweak settings, and edit the registry. We provide instructions for using these tweaks and tools.
Deals

Cyber Monday 2018: When it takes place and where to find the best deals

Cyber Monday is still a ways off, but it's never too early to start planning ahead. With so many different deals to choose from during one of the biggest shopping holidays of the year, going in with a little know-how makes all the…
Computing

Ditch the passwords and buy Xbox games with just your face

Passwords are the past. The latest version of Windows 10 allows you to sign in with your Microsoft account on the web through Microsoft Edge using Windows Hello or a FIDO 2 Yubikey. 
Web

Canceling Amazon Prime is easy, and you might get a refund

Don't be intimidated. Learning how to cancel Amazon Prime is easier than you might think. You might even get a partial or full refund on the cost, depending on how much you've used it. Check out our quick-hit guide for doing so.
Computing

Editing a PDF is easy when you have the right tools in hand

Editing PDF files can be a real pain, but there are a few tricks to make the process a bit easier. This guide will give you three easy methods for how to edit a PDF, two of which work without needing Adobe Acrobat.