
Initial AMD Technical Assessment of CTS Labs Research

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Mar 21, 2018.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    airbud7, AsiJu and Embra like this.
  2. Fox2232

    Fox2232 Ancient Guru

    Well written AMD. Especially clearing distance from Spectre/Meltdown.

    When CT Slabs wrote that those are not fixable, they knew one thing... To put disclaimer that their results are their opinions and may be wrong.
     
    Prince Valiant likes this.
  3. Zeka

    Zeka Active Member

    Very professional response from AMD. Good job

    This is so so low... Such dirty tactics, investing in lies and deceit instead of making better and affordable products, and competing fairly.
    I salute AMD, if it wasn't for them, we'd be still using 32bit single core processors. Intel, shame on you. I will never ever buy any of your MBs or processors, unless you change how you do business
     
    AsiJu, -Tj- and Silva like this.
  4. Spider4423

    Spider4423 Member

    Well, since this was an aggressive attack on AMD and they needed to make the ant look like an elephant, repercussions were expected.
    Hopefully this type of behavior doesn't become a trend.
     
    Last edited: Mar 21, 2018
    -Tj- likes this.

  5. Kaarme

    Kaarme Maha Guru

    It's sad AMD even needs to respond to the trolls who were only interested in bringing down the stock for short selling. It wouldn't surprise me if that CTS Labs had been taken down by now, and the dudes behind it were already looking for their next victim, ready to found a new whatever cover company for the purpose.
     
    -Tj-, AsiJu, schmidtbag and 1 other person like this.
  6. RzrTrek

    RzrTrek Ancient Guru

    CTS labs may have been quick to jump the gun, but at least something good came out of it.
     
  7. gianluca

    gianluca Active Member

    If I were AMD I would use my lawyers too, not just the engineers.
    Considering the amount of money involved in this industry and the fact that even a small lie or a wrong or misleading statement/assessment can cause damages for millions (when not billions), I wouldn't be surprised if this story will have legal consequences.
     
    -Tj- and AsiJu like this.
  8. Silva

    Silva Master Guru

    "Method: Attacker requires Administrative access."

    Top kek.
     
  9. fredgml7

    fredgml7 Member

    Just as I expected. Nothing to really worry about here.
     
  10. Prince Valiant

    Prince Valiant Master Guru

    A hearty thanks to Hilbert for not being tempted to constantly throw fud about this for clicks :cool:.

    Nice to see that all of this is patchable and nothing is architecture related.
     
    -Tj-, AsiJu and Hilbert Hagedoorn like this.

  11. schmidtbag

    schmidtbag Ancient Guru

    Which is...?

    I don't know anything positive that came out of this, especially when you consider their approach. All of the flaws they discovered were effectively non-issues. So yeah, patching these things is good and all, but they didn't need to attract anyone's attention. All that came of this was FUD, which we have more than enough of from any major company these days.

    AMD could've done absolutely nothing about this and I'm sure nobody would've been affected. But, they sort of have an obligation to address these "vulnerabilities" brought by CTSL
     
    Last edited: Mar 21, 2018
  12. Prince Valiant

    Prince Valiant Master Guru

    AMD got security research done for free :p?
     
  13. AsiJu

    AsiJu Ancient Guru

    AMD professionally "defused" the situation by calmly and collectively responding. Very nice work.

    And, this was already mentioned above but I'll quote it anyway from the response:

    "It’s important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings.
    Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research."


    I said in another thread that should the above happen, possible exploit vectors are the least of your worries.
     
    -Tj- likes this.
  14. waltc3

    waltc3 Master Guru

    It's sad that seemingly everything that appears on the Internet, if not fake news, is given a level of credibility completely undeserved. To sum up from the company hired by "CTS" to supposedly verify their blatantly ignorant, financially motivated claims:

    There is no immediate risk of exploitation of these vulnerabilities for most users. Even if the full details were published today, attackers would need to invest significant development efforts to build attack tools that utilize these vulnerabilities. This level of effort is beyond the reach of most attackers (see https://www.usenix.org/system/files/1401_08-12_mickens.pdf, Figure 1)


    These types of vulnerabilities should not surprise any security researchers; similar flaws have been found in other embedded systems that have attempted to implement security features. They are the result of simple programming flaws, unclear security boundaries, and insufficient security testing. In contrast, the recent Meltdown and Spectre flaws required previously unknown techniques and novel research advances to discover and exploit.

    I think CTS had best have written its own obituary as opposed to AMD's....;) This would be a nice undertaking for the SEC.
     
  15. Rich_Guy

    Rich_Guy Ancient Guru

    So AMD's confirmed it, and are going to start patching within weeks, lol.
     

  16. TLD LARS

    TLD LARS Member

    Yes, they confirmed it because you can attack the computer if you have admin rights, but if you have admin rights anyway you could just attack Windows itself and not limit your attack to AMD only.
    I am guessing here, but I think that Asus and Asrock are now busy applying the AMD fixes to the Asmedia chips installed on many Asus and Asrock Intel boards.

    Many of these attacks could affect Intel also; if you have the skills it should be possible to mod an Intel BIOS to compromise an Intel system.
    They managed to install an 8000 i3 CPU in a 100 series chipset motherboard by modding the BIOS, so modding to compromise a system should be possible.
     
  17. Fox2232

    Fox2232 Ancient Guru

    Intel's IME was successfully modified/disabled... That's bigger than just changing microcode of one CPU series for another.
     
  18. tsunami231

    tsunami231 Ancient Guru

    I said it once, I will say it again: social media sites are bad. Stupid people like to out security flaws there, and crap tends to hit the fan when that happens. Instead of telling the right people, letting them deal with it and keeping silent about it till then, people and other companies just want their name in the news and time in the spotlight, regardless of the damage they cause.

    I probably need another BIOS now, because quite a few of my boards have an Asmedia chip on them too, and my current board has a 3.1 USB A and a 3.1 USB C port that use Asmedia.
     
    Last edited: Mar 21, 2018
  19. Reddoguk

    Reddoguk Maha Guru

    It's just like someone else sitting at your computer may delete stuff if you give them full control. Or if hackers are already in the door they can do many things, including doing nothing but spying on you, which I find more serious than some malware spreader.
     
  20. AsiJu

    AsiJu Ancient Guru

    Also "funny" that the results were published less than 24 hrs after contacting AMD...

    Looks like they did that so they can claim to have done the "right thing" by contacting AMD first, only.
    Spectre and Meltdown were kept under wraps for what, 6 months? To give Intel, AMD, ... time to investigate and prevent exploits meanwhile.

    Really hope this doesn't become a trend but now that it's been done once...
     
