Initial AMD Technical Assessment of CTS Labs Research

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Mar 21, 2018.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    45,569
    Likes Received:
    12,648
    GPU:
    AMD | NVIDIA
    airbud7, AsiJu and Embra like this.
  2. Fox2232

    Fox2232 Ancient Guru

    Messages:
    11,808
    Likes Received:
    3,370
    GPU:
    6900XT+AW@240Hz
    Well written AMD. Especially clearing distance from Spectre/Meltdown.

    When CT Slabs wrote that those are not fixable, they knew one thing... To put disclaimer that their results are their opinions and may be wrong.
     
    Prince Valiant likes this.
  3. Zeka

    Zeka Active Member

    Messages:
    90
    Likes Received:
    18
    GPU:
    PowerColor R9 280
    Very professional response from AMD. Good job

    This is so so low... Such dirty tactics, investing in lies and deceit instead of making better and affordable products, and competing fairly.
    I salute AMD, if it wasn't for them, we'd be still using 32bit single core processors. Intel, shame on you. I will never ever buy any of your MBs or processors, unless you change how you do business
     
    AsiJu, -Tj- and Silva like this.
  4. Spider4423

    Spider4423 Active Member

    Messages:
    77
    Likes Received:
    34
    GPU:
    MSI 1070 Gaming X
    Well since this was a aggressive attack on AMD and they needed to make the ant look like an elephant. Repercussions were expected.
    Hopefully this type of behavior doesn't become a trend.
     
    Last edited: Mar 21, 2018
    -Tj- likes this.

  5. Kaarme

    Kaarme Ancient Guru

    Messages:
    3,308
    Likes Received:
    2,161
    GPU:
    Sapphire 390
    It's sad AMD even needs to respond to the trolls who were only interested in bringing down the stock for short selling. It wouldn't surprise me if that CTS Labs had been taken down by now, and the dudes behind it were already looking for their next victim, ready to found a new whatever cover company for the purpose.
     
    -Tj-, AsiJu, schmidtbag and 1 other person like this.
  6. RzrTrek

    RzrTrek Ancient Guru

    Messages:
    2,549
    Likes Received:
    741
    GPU:
    -
    CTS labs may have been quick to jump the gun, but at least something good came out of it.
     
  7. gianluca

    gianluca Active Member

    Messages:
    77
    Likes Received:
    13
    GPU:
    GTX 1070 TI 8GB
    If I were AMD I would use my lawyers too, not just the engineers.
    Considering the amount of money involved in this industry and the fact that even a small lie or a wrong or misleading statement/assessment can cause damages for millions (when not billions), I wouldn't be surprised if this story will have legal consequences.
     
    -Tj- and AsiJu like this.
  8. Silva

    Silva Ancient Guru

    Messages:
    1,966
    Likes Received:
    1,119
    GPU:
    Asus Dual RX580 O4G
    "Method: Attacker requires Administrative access."

    Top kek.
     
  9. fredgml7

    fredgml7 Member Guru

    Messages:
    185
    Likes Received:
    65
    GPU:
    Sapphire RX 570 4GB
    Just as i expected. Nothing to really worry about here.
     
  10. Prince Valiant

    Prince Valiant Master Guru

    Messages:
    811
    Likes Received:
    145
    GPU:
    EVGA GTX 1080 ti
    A hearty thanks to Hilbert for not being tempted to constantly throw fud about this for clicks :cool:.

    Nice to see that all of this is patchable and nothing is architecture related.
     
    -Tj-, AsiJu and Hilbert Hagedoorn like this.

  11. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    7,165
    Likes Received:
    3,623
    GPU:
    HIS R9 290
    Which is...?

    I don't know anything positive that came out of this, especially when you consider their approach. All of the flaws they discovered were effectively non-issues. So yeah, patching these things is good and all, but they didn't need to attract anyone's attention. All that came of this was FUD, which we have more than enough of from any major company these days.

    AMD could've done absolutely nothing about this and I'm sure nobody would've been affected. But, they sort of have an obligation to address these "vulnerabilities" brought by CTSL
     
    Last edited: Mar 21, 2018
  12. Prince Valiant

    Prince Valiant Master Guru

    Messages:
    811
    Likes Received:
    145
    GPU:
    EVGA GTX 1080 ti
    AMD got security research done for free :p?
     
  13. AsiJu

    AsiJu Ancient Guru

    Messages:
    8,234
    Likes Received:
    2,955
    GPU:
    MSI RX6800XT G.XT.
    AMD professionally "defused" the situation by calmly and collectively responding. Very nice work.

    And, this was already mentioned above but I'll quote it anyway from the response:

    "It’s important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings.
    Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research."


    I said in another thread that should the above happen, possible exploit vectors are the least of your worries.
     
    -Tj- likes this.
  14. waltc3

    waltc3 Maha Guru

    Messages:
    1,433
    Likes Received:
    550
    GPU:
    AMD 50th Ann 5700XT
    It's sad that seemingly everything that appears on the Internet, if not fake news, is given a level of credibility completely undeserved. To sum up from the company hired by "CTS" to supposedly verify their blatantly ignorant, financially motivated claims:

    There is no immediate risk of exploitation of these vulnerabilities for most users. Even if the full details were published today, attackers would need to invest significant development efforts to build attack tools that utilize these vulnerabilities. This level of effort is beyond the reach of most attackers (see https://www.usenix.org/system/files/1401_08-12_mickens.pdf, Figure 1)


    These types of vulnerabilities should not surprise any security researchers; similar flaws have been found in other embedded systems that have attempted to implement security features. They are the result of simple programming flaws, unclear security boundaries, and insufficient security testing. In contrast, the recent Meltdown and Spectre flaws required previously unknown techniques and novel research advances to discover and exploit.

    I think CTS had best have written its own obituary as opposed to AMD's....;) This would be a nice undertaking for the SEC.
     
  15. Rich_Guy

    Rich_Guy Ancient Guru

    Messages:
    12,959
    Likes Received:
    897
    GPU:
    MSI 2070S X-Trio
    so AMDs confirmed it, and are going to start patching within weeks, lol.
     

  16. TLD LARS

    TLD LARS Master Guru

    Messages:
    493
    Likes Received:
    201
    GPU:
    AMD 6900XT
    Yes they confirmed it because you can attack the computer if you have admin rights, but if you have admin rights anyway you could just attack windows itself and not limit your attack to AMD only.
    I am guessing here, but i think that Asus and Asrock is now busy applying the AMD fixes to the Asmedia chips installed on many Asus and Asrock Intel boards.

    Many of these attacks could effect Intel also, if you have the skills it should be possible to mod a Intel bios, to compromise a Intel system.
    They managed to install a 8000 i3 CPU in a 100 series chipset motherboard by modding the bios, so modding to compromise a system should be possible.
     
  17. Fox2232

    Fox2232 Ancient Guru

    Messages:
    11,808
    Likes Received:
    3,370
    GPU:
    6900XT+AW@240Hz
    Intel's IME was successfully modified/disabled... That's bigger than just changing microcode of one CPU series for another.
     
  18. tsunami231

    tsunami231 Ancient Guru

    Messages:
    13,385
    Likes Received:
    1,310
    GPU:
    EVGA 1070Ti Black
    I said it once i will say it again social media site are bad stupid people like to out security flaws there and crap tend to hit the fan when that happens. istead of telling the right people and them deal with it and keeping silent about till then, people and other companys just want there name in news and time in the spotline, reguardless to the damage they cause.

    I probably need another bios now cause quite few of my board has a asmedia chip on it too and my current board has a 3.1usb a and 3.1 usb c port that use asmedia
     
    Last edited: Mar 21, 2018
  19. Reddoguk

    Reddoguk Ancient Guru

    Messages:
    2,483
    Likes Received:
    465
    GPU:
    RTX3090 GB GamingOC
    It's just like someone else sitting at your computer may delete stuff if you give them full control. Or if hackers are already in the door they can do many things including doing nothing but spying on you, which i find more serious than some malware spreader.
     
  20. AsiJu

    AsiJu Ancient Guru

    Messages:
    8,234
    Likes Received:
    2,955
    GPU:
    MSI RX6800XT G.XT.
    Also "funny" that the results were published less than 24 hrs after contacting AMD...

    looks like they did that so they can claim to have done the "right thing" by contacting AMD first, only.
    Spectre and Meltdown were kept under wraps for what, 6 months? To give Intel, AMD, ... time to investigate and prevent exploits meanwhile.

    Really hope this doesn't become a trend but now that it's been done once...
     

Share This Page