Researchers have discovered critical security flaws in AMD chips that could allow attackers to access sensitive data from highly guarded processors across millions of devices.
Particularly worrisome is the fact that the vulnerabilities lie in the so-called secure part of the processors — typically where your device stores sensitive data like passwords and encryption keys. It’s also where your processor makes sure nothing malicious is running when you start your computer.
CTS-Labs, a security company based in Israel, announced Tuesday that its researchers had found 13 critical security vulnerabilities that would let attackers access data stored on AMD’s Ryzen and EPYC processors, as well as install malware on them. Ryzen chips power desktop and laptop computers, while EPYC processors are found in servers.
The researchers gave AMD less than 24 hours to look at the vulnerabilities and respond before publishing the report. Standard vulnerability disclosure calls for 90 days’ notice so that companies have time to address flaws properly.
“At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings,” an AMD spokesman said.
The revelation of these vulnerabilities comes after the emergence of Meltdown and Spectre, security flaws in Intel and Arm chips that affected a huge number of PCs dating back two decades. According to the statistics firm Statista, 77 percent of computer processors are from Intel, while AMD accounts for 22 percent.
When the Meltdown and Spectre flaws were revealed in January, AMD said it was not affected because of the differences in its architecture.
These new security vulnerabilities break down into four categories, according to CTS-Labs co-founder and Chief Financial Officer Yaron Luk-Zilberman. All essentially allow an attacker to target the secure segment of a processor, which is crucial to protecting the sensitive information on your device.
“You’re virtually undetectable when you’re sitting in the secure processor,” Luk-Zilberman said. “An attacker could sit there for years without ever being detected.”
Here’s a breakdown:
Master Key
When a device starts up, it typically goes through a “secure boot” process. It uses your processor to check that nothing on your computer has been tampered with, and only launches trusted programs.
The Master Key vulnerability gets around this startup check by installing malware on the computer’s BIOS, part of the computer’s system that controls how it starts up. Once it’s infected, Master Key allows attackers to install malware on the secure processor itself, meaning they’d have complete control of what programs are allowed to run during the startup process.
From there, the vulnerability also allows attackers to disable security features on the processor.
Ryzenfall
This vulnerability specifically affects AMD’s Ryzen chips and would allow malware to completely take over the secure processor.
That would mean being able to access protected data, including encryption keys and passwords. These are regions on the processor that a normal attacker would not be able to access, according to the researchers.
If attackers can bypass the Windows Defender Credential Guard, they could use the stolen data to spread to other computers within a network. Credential Guard is a feature for Windows 10 Enterprise, which stores your sensitive data in a protected section of the operating system that normally can’t be accessed.
“The Windows Credentials Guard is very effective at protecting passwords on a machine and not allowing them to spread around,” Luk-Zilberman said. “The attack makes spreading through the network much easier.”
Fallout
Like Ryzenfall, Fallout allows attackers to access protected data sections, including Credential Guard. But this vulnerability only affects devices using AMD’s EPYC secure processor. In December, Microsoft announced a partnership with AMD for its Azure Cloud servers using EPYC processors.
“Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. Our standard policy is to provide solutions via our current Update Tuesday schedule,” a Microsoft spokesperson said.
These chips are used for data centers and cloud servers, connecting computers used by industries around the world. If attackers used the vulnerabilities described in Fallout, they could steal all the stored credentials and spread across the network.
“These network credentials are stored in a segregated virtual machine where it can’t be accessed by standard hacking tools,” said CTS-Labs CEO Ido Li On. “What happens with Fallout is that this segregation between virtual machines [is] broken.”
Segregated virtual machines are portions of your computer’s memory split off from the rest of the device. Researchers use them to test out malware without infecting the rest of their computer. Think of it as a computer inside your computer.
With Credential Guard, sensitive data is stored there and protected so that if your computer was infected by normal malware, the malware wouldn’t be able to access that data.
Chimera
Chimera comes from two different vulnerabilities, one in firmware and one in hardware.
The Ryzen chipset itself allows malware to run on it. Because Wi-Fi, network and Bluetooth traffic flows through the chipset, an attacker could use that to infect your device, the researchers said. In a proof-of-concept demonstration, they said, it was possible to install a keylogger, which would allow an attacker to see everything typed on an infected computer.
The chipset’s firmware issues mean that an attacker can install malware onto the processor itself.
“What we discovered is what we believe are very basic mistakes in the code,” said Uri Farkas, CTS-Labs vice president of research and design.
What should I do?
It’s unclear how long it will take to fix these issues with AMD’s processors. CTS-Labs said it hasn’t heard back from AMD. The researchers said it could take “several months to fix.” The vulnerabilities in the hardware can’t be fixed.
Intel and Microsoft are still managing patches for Meltdown and Spectre, and the fixes have ended up causing problems, including slower performance on affected computers. These new vulnerabilities could mean similar headaches for AMD-powered devices.
“Once you’re able to break into the security processor, that means most of the security features offered are broken,” Li On said.