Unity

Topic: #security-auditing

Serious Vulnerabilities Have Been Reported in Widely Used AMD Chipsets

2018-03-15⊺14:38:59-05:00

Security researchers at CTS Labs have audited the hardware design and software configuration of some recent processors manufactured by Advanced Micro Devices (AMD). The audit turned up thirteen serious vulnerabilities. CTS Labs has prepared a white paper that lists and analyzes these vulnerabilities and demonstrates each one with proof-of-concept code. The researchers have sent copies of the white paper to “AMD, select security companies that can develop mitigations, and the U.S. regulators.” They published a redacted version of the white paper that omits all of the demonstrations and any parts of the analysis that they thought would be too helpful to malicious attackers.

To achieve the preconditions for any of these vulnerabilities, attackers would need to have root privileges on the machine they wanted to exploit. Even so, the vulnerabilities are serious, because they make it possible to install malware in system components that are normally inaccessible. Rebooting the computer, rolling back to a recovery image, or even reinstalling the operating system would have no effect on malware stored in those components. Depending on the local network configuration, the reported vulnerabilities may also make it easier for the attacker to break into other systems and to acquire root privileges on them.

The white paper asserts that AMD introduced two of the vulnerabilities into its chipset by outsourcing much of the design and implementation of one of the subsystems (“Promontory”) to another chip manufacturer, ASMedia:

The Promontory chipset is powered by an internal microcontroller that manages the chip's various hardware peripherals. Its built-in USB controller is primarily based on ASMedia ASM1142, which in turn is based on the company's older ASM1042. In our assessment, these controllers, which are commonly found on motherboards made by Taiwanese OEMs, have sub-standard security and no mitigation against exploitation. They are plagued with security vulnerabilities in both firmware and hardware, allowing attackers to run arbitrary code inside the chip, or to re-flash the chip with permanent malware. This, in turn, could allow for firmware-based malware that has full control over the system, yet is notoriously difficult to detect or remove. Such malware could manipulate the operating system through Direct Memory Access (DMA), while remaining resilient against most endpoint security products.

Specifically, the researchers discovered two sets of “hidden manufacturer backdoors,” some in the firmware and some in the hardware, any one of which provides an avenue for the introduction of malware into the Promontory processor.

“Severe Security Advisory on AMD Processors”
CTS Labs, March 2018
https://safefirmware.com/amdflaws_whitepaper.pdf

“Severe Security Advisory on AMD Processors”
CTS Labs, AMD Flaws, March 2018
https://amdflaws.com/

“Clarification about the Recent Vulnerabilities”
CTS Labs, March 2018
https://safefirmware.com/Whitepaper+Clarification.pdf

“A Raft of Flaws in AMD Chips Makes Bad Hacks Much, Much Worse”
Dan Goodin, Ars Technica, March 13, 2018
https://arstechnica.com/information-technology/2018/03/a-raft-of-flaws-in-amd-chips-make-bad-hacks-much-much-worse/

“Researchers Say AMD Processors Have Serious Vulnerabilities and Backdoors”
Lorenzo Franceschi-Bicchierai, Motherboard, March 13, 2018
https://motherboard.vice.com/en_us/article/kzpm5x/amd-secure-processor-ryzen-epyc-vulnerabilities-and-backdoors

#Ryzenfall #Advanced-Micro-Devices #security-auditing

The Open Source Technology Improvement Fund

2018-02-07⊺14:00:23-06:00

A long-overdue institution, still underfunded.

“For Open-Source Software, the Developers Are All of Us”
Derek Zimmer, Linux Journal, February 7, 2018
https://www.linuxjournal.com/content/open-source-software-developers-are-all-us

You enter information into your Google Chrome browser, on a website running Microsoft Internet Information Server, and the website is verified through Comodo certificate verification. Your data is transmitted through Cisco firewalls and routed by Juniper routers. It passes through an Intel-branded network card on your Dell server and through a SuperMicro motherboard. Then the data is transmitted through the motherboard's serial bus to the SandForce chip that controls your Solid State Disk and is then written to Micron flash memory, in an Oracle SQL database.

You are reliant on every single one of those steps being secure, in a world where the trillion-dollar problem is getting computers to do exactly what they are supposed to do. All of these systems have flaws. Every step has problems and challenges. And if something goes wrong, there is no liability. The lost data damages your company, your livelihood, you. …

So how do we fix this problem? We organize and support open software development. We make sure that important free and open security projects have the resources they need to flourish and succeed. …

We have founded the Open Source Technology Improvement Fund, a 501(c)3 nonprofit whose only job is to fund security research and development for open-source software. We vet projects for viability, find out what they need to improve and get them the resources to get there. We then verify that their software is safe and secure with independent teams of software auditors, and work with the teams continuously to secure their projects against the latest threats.

#free-software #security-auditing #Open-Source-Technology-Improvement-Fund

This work is licensed under a Creative Commons Attribution-ShareAlike License.

John David Stone (havgl@unity.homelinux.net)

created June 1, 2014 · last revised December 10, 2018