1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

13 Critical Security Vulnerabilities and Manufacturer Backdoors discovered In AMD Ryzen Processors

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Mar 13, 2018.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    33,271
    Likes Received:
    2,236
    GPU:
    AMD | NVIDIA
    Last edited: Mar 13, 2018
    ZXRaziel and killferd like this.
  2. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    8,906
    Likes Received:
    1,146
    GPU:
    1080Ti @h2o
    Can't help but remember all the red team's fanboys crying out for Spectre and Meltdown and how AMD's CPUs are totally secure etc.
     
  3. Rich_Guy

    Rich_Guy Ancient Guru

    Messages:
    11,879
    Likes Received:
    151
    GPU:
    Sapp. RX Vega 64 LC
  4. Spider4423

    Spider4423 Member

    Messages:
    48
    Likes Received:
    6
    GPU:
    MSI 1070 Gaming X
    Can't help but think this is becoming a hunt... Intel and AMD sponsoring these sudden exploit finds. Suddenly a lot of exploits come to surface.
    Also to be on topic, should they have warned AMD of these exploits before going public ?
     
    Clawedge likes this.

  5. Aura89

    Aura89 Ancient Guru

    Messages:
    6,770
    Likes Received:
    208
    GPU:
    -
    It's 2018 and it's software/hardware. There will never be a time that there are no vulnerabilities. That being said, a vulnerability that lasts 10+ years is pretty sad.

    ^ This. If they didn't, and i don't know if they did or didn't, then the real people allowing vulnerabilities to be exploited are the people who make this information public knowledge. I'm not saying the public should never know about this, obviously they should, but considering the fact there's nothing for the public to do in these issues, either intel or AMD, then the information should be announced after they have been fixed, unless there is something that can be done for temporary reasons to halt the exploit on the user end.
     
    ZXRaziel likes this.
  6. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    8,906
    Likes Received:
    1,146
    GPU:
    1080Ti @h2o
    That being said, a vulnerability that takes 10+ years to detect / exploit is not as sad as one discovered in a relatively new architecture, no? ;)
     
  7. Aura89

    Aura89 Ancient Guru

    Messages:
    6,770
    Likes Received:
    208
    GPU:
    -
    Depends on how long they were being used. No one realistically can say for certain that any issue were not being abused before it was "discovered".

    Though again, 10+ years means the whole CPU has not been overhauled in 10+ years, which is simply sad.
     
    Last edited: Mar 13, 2018
    ZXRaziel and Silva like this.
  8. Brandon Stewart

    Brandon Stewart New Member

    Messages:
    3
    Likes Received:
    3
    GPU:
    Radeon
    Doesn't it seem really strange that this was announced on the 1 year anniversary of Ryzen and just happens to have a splashy website name and advertisement style videos? The flaws are probably legit but someone is out for publicity on this one.
     
    fantaskarsef and Silva like this.
  9. Jagman

    Jagman Ancient Guru

    Messages:
    2,099
    Likes Received:
    168
    GPU:
    Zotac GTX1070
    Check calendar......Hmmm... Not April 1st..... Oh feck! Can someone, anyone, please make a secure processor? Is it even possible?
     
  10. SSD_PRO

    SSD_PRO Member Guru

    Messages:
    146
    Likes Received:
    12
    GPU:
    EVGA GTX 1070
    Being an Intel fanboy, I will now demonstrate how a mature person steps up instead of screaming insults: Components/hardware/software have vulnerabilities. They all do; those that are known, those that are unknown, it is just the way it is. All we need is the companies to step up and do what they can to mitigate and accountability for those responsible if they covered it up thus endangering end users. AMD has some really great products right now at competitive prices and this shouldn't be seen as a deterrent.
     
    Octopuss and ZXRaziel like this.

  11. mtrai

    mtrai Master Guru

    Messages:
    864
    Likes Received:
    47
    GPU:
    PowerColor RD Vega
    They did post a disclaimer stating it is their opinion not fact.

    Legal Disclaimer BACK TO SITE CTS is a research organization. This website is intended for general information and educational purposes. This website does not offer the reader any recommendations or professional advice. **The opinions expressed in this report are not investment advice nor should they be construed as investment advice or any recommendation of any kind.

    It summarizes security vulnerabilities, but purposefully does not provide a complete description of such vulnerabilities to protect users, such that a person with malicious intent could not actually exploit the vulnerabilities and try to cause harm to any user of the products described herein. Do not attempt to exploit or otherwise take advantage of the security vulnerabilities described in the website.

    The report and all statements contained herein are opinions of CTS and are not statements of fact. To the best of our ability and belief, all information contained herein is accurate and reliable, and has been obtained from public sources we believe to be accurate and reliable. Our opinions are held in good faith, and we have based them upon publicly available facts and evidence collected and analyzed, which we set out in our research report to support our opinions. We conducted research and analysis based on public information in a manner that any person could have done if they had been interested in doing so. You can publicly access any piece of evidence cited in this report or that we relied on to write this report. Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports. Any other organizations named in this website have not confirmed the accuracy or determined the adequacy of its contents.

    You may republish this website in whole or in part as long as CTS is clearly and visibly credited and appropriately cited, and as long as you do not edit content.

    Although we strive for accuracy and completeness to support our opinions, and we have a good-faith belief in everything we write, all such information is presented "as is," without warranty of any kind– whether express or implied – and CTS does not accept responsibility for errors or omissions. CTS reserves the right to change the contents of this website and the restrictions on its use, with or without notice, and CTS reserves the right to refrain from updating this website even as it becomes outdated or inaccurate.
     
    Last edited: Mar 13, 2018
    killferd likes this.
  12. jaggerwild

    jaggerwild Master Guru

    Messages:
    526
    Likes Received:
    174
    GPU:
    Many
  13. mtrai

    mtrai Master Guru

    Messages:
    864
    Likes Received:
    47
    GPU:
    PowerColor RD Vega
    We really need a lot more information...they "supposedly" gave AMD notice but only 24 hours before this "news" was published...when standard practice is 90 days. Just saying.
     
    Silva likes this.
  14. Eastcoasthandle

    Eastcoasthandle Ancient Guru

    Messages:
    1,810
    Likes Received:
    73
    GPU:
    R9 Fury
    Let set a few things straight about this as I'm no fan of AMD CPUs. Haven't had one in years but I find this a bit suspect.
    This is a no-name startup that simply pops out of nowhere. They have professional PR representation, videos, ads, and a dedicated info weblink that's hyperbol towards AMD? And no one caught this?
    https://amdflaws.com/. <---LOL ok it must be legit

    From what I've read this rogue group gave AMD less than 24 hours to look at the vulnerabilities and respond before this was published for all to see in it's glory. From watching videos about journalism the standard vulnerability disclosure calls for 90 days notice, so companies have time to address flaws and respond about it. This in of itself makes the claims shady and unethical even if what they claim is remotely true. This is a huge conflict of interest how and when this is presented.

    But what I also found interesting is the fact that this comes from the same area in Israel where Intel has facilities for their core design teams and manufacturing plants Nah, that must be just a coinkydink right?
    Or perhaps made to look like a coinkydink.

    I find this report regardless if true or not true to be incredibly disingenuous. And won't be surprised if the bread crumbs lead back to a conspirator causing drama. I am not fully convinced this is from Intel either. As it's way to obvious. That's also a red flag.
     
    Athlonite and ZXRaziel like this.
  15. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    33,271
    Likes Received:
    2,236
    GPU:
    AMD | NVIDIA
    The timing of this whitepaper, website release and even press-releases on pro PR agencies like BusinessWire are just so suspicious. It feels like it was deliberately released as a payload, to create damage.

    This research is extensive - it likely has been funded in full, as the scope of it goes very deep, months if not an entire year of work maybe even? Yesterday AMD had their one year Ryzen anniversary, they're about to launch Zen+ as well. So who benefits from all this the most? It's pure speculation, but didn't Intel have activities in Israel as well? Yep, they invested $15 billion in a plant, and let me quote the Intel CEO:

    “We think of ourselves as an Israeli company as much as a US company,” Krzanich said at a Jerusalem press conference"

    It's not an accusation, but come on, it is suspicious. Also, CTS was founded as a privately held company in... 2017. Regardless of that remark, if the vulnerabilities are for real they, of course, should be out in the open. But only after AMD would have had enough time for this.
     
    Last edited: Mar 13, 2018
    anticupidon, Athlonite, -Tj- and 10 others like this.

  16. Bozskaggs

    Bozskaggs New Member

    Messages:
    5
    Likes Received:
    3
    This is shady af, and should be taken with a huge grain of salt.
    The white paper ends saying all of these "vulnerabilities" require admin level privleges.
    Seems like a complete smear job to me.
     
    ZXRaziel and killferd like this.
  17. mbk1969

    mbk1969 Ancient Guru

    Messages:
    5,365
    Likes Received:
    1,442
    GPU:
    GeForce GTX 1070


    Does that sound like a ransom blackmail?
    What is the point to give 24 hours?
     
    ZXRaziel and lucidus like this.
  18. cowie

    cowie Ancient Guru

    Messages:
    13,063
    Likes Received:
    192
    GPU:
    GTX
    I hope this is not to hard to fix
    if its true
     
    Last edited by a moderator: Mar 13, 2018
  19. fredgml7

    fredgml7 Member

    Messages:
    19
    Likes Received:
    5
    GPU:
    MSI HD7770 1GB
    Is that you Intel? Lol.
    I'm using my I5 fearlessly,, but keeping a backup.;)
     
  20. Fox2232

    Fox2232 Ancient Guru

    Messages:
    7,359
    Likes Received:
    778
    GPU:
    -NDA +AW@240Hz
    Less than 24 hours from letting AMD know till sending it out = malicious intent.
     
    ZXRaziel likes this.

Share This Page