CyberWisdom Safe Harbor Commentary on Vulnerability with AMD Ryzen and EPYC Processors
The so-called vulnerabilities fall into four categories: RYZENFALL, FALLOUT, CHIMERA, and MASTERKEY, and threatens to run various servers, workstations, and laptops that are vulnerable to AMD Ryzen, Ryzen Pro, Ryzen Mobile, or EPYC processors.
The research team at Israel’s CTS Labs found that the newly disclosed unpatched vulnerabilities defeated AMD’s Secure Encryption Virtualization (SEV) technology and may allow attackers to bypass the Microsoft Windows Credential Guard to steal network certificates.
In addition, the researchers also claimed that two available manufacturer backdoors were found in the Ryzen chipset, which could allow attackers to inject malicious code inside the chip.
Ary-epyc vulnerability of AMD-security processor on AMD Ryzen and EPYC Processors
Researchers successfully tested these vulnerabilities against 21 different AMD products and believe that 11 more products are also susceptible to these problems.
Although AMD is currently investigating the accuracy of these flaws, Dan Guido, the founder of Trail of Bits, a security company, has obtained complete technical details and PoC vulnerabilities at an early date, but they have independently confirmed that all 13 AMD vulnerabilities are accurate. And work in the paper in the way described.
The following is a brief description of all the vulnerabilities:
RYZENFALL (v1, v2, v3, v4) AMD Vulnerability
These vulnerabilities exist in AMD’s security operating system and affect the Ryzen security processor (Workstation/Professional/Mobile).
AMD-Security Processor Hacker
According to the researchers, the RYZENFALL vulnerability allows the execution of unauthorized code execution on the Ryzen security processor, ultimately allowing the attacker to access the protected memory area, injecting malware into the processor itself, and forbidding SMM from preventing unauthorized BIOS. Refresh.
An attacker can also use RYZENFALL to bypass Windows Credential Guard and steal network certificates, and then use stolen data to spread to other computers in the network (even the highly secure Windows corporate network).
RYZENFALL can also install persistent malware on the security processor with another issue called MASTERKEY (described in detail below), “to expose customers to the risks of covert and long-term industrial espionage.”
FALLOUT (v1, v2, v3) AMD Vulnerability on AMD Ryzen and EPYC Processors
These vulnerabilities are located in the bootloader component of the EPYC security processor and allow the attacker to read and write protected memory areas such as SMRAM and Windows Credential Guard isolated memory.
The FALLOUT attack affects only servers using AMD EPYC security processors and may be exploited to inject persistent malware into VTL1, where the security kernel and isolated user mode (IUM) execute code.
Like RYZENFALL, FALLOUT also allows attackers to bypass BIOS flash protection and steal network credentials protected by Windows Credential Guard.
“EPYC servers are being integrated with data centers around the world, including Baidu and Microsoft Azure Cloud, and AMD recently announced that EPYC and Ryzen embedded processors are being sold as high-security solutions for mission-critical aviation and aerospace defense systems.” The researchers said.
“We urge the security community to delve deeper into the safety of these devices and then get them into mission-critical systems that may be life-threatening.”
CHIMERA (v1, v2) AMD Vulnerability on AMD Ryzen and EPYC Processors
These two vulnerabilities are actually hidden behind the manufacturer’s back door in AMD’s Promontory chipset, which is an integral part of the Ryzen and Ryzen Pro workstations.
ryzen-EPYC hacker with AMD-security processor on AMD Ryzen and EPYC Processors
A backdoor program is implemented in the firmware running on the chip, and another backdoor program is implemented in the chip’s hardware (ASIC) and allows the attacker to run arbitrary code within the AMD Ryzen chipset or use a persistent malware to reflash the chip.
Because WiFi, network and Bluetooth traffic flow through the chipset, attackers can use the middle of the chipset to launch complex attacks on your device.
“In turn, this may allow firmware-based malware to fully control the system but it is very difficult to detect or remove. This malware may manipulate the operating system through direct memory access (DMA) while maintaining flexibility for most applications.” Terminal security products,” the researchers said.
According to the researchers, by listening for USB traffic flowing through the chipset, a stealth keylogger can be implemented that allows attackers to see the victim’s infected computer.
The researchers warned: “Since the latter has been manufactured into a chip, it may not be directly repairable.
Remedy on Vulnerability with AMD Ryzen and EPYC Processors
The solution may involve a solution or a recall.” MASTERKEY (v1, v2, v3) AMD vulnerabilities EPYC and Ryzen (Workstation/Professional Edition/Move) The three vulnerabilities in the processor) may allow an attacker to bypass authenticated hardware booting to reflash the BIOS with malicious updates and to infiltrate the secure processor for arbitrary code execution. Like RYZENFALL and FALLOUT, MASTERKEY also allows attackers to install covert and persistent malware inside AMD security processors, “run in kernel mode with the highest privileges”, and bypass Windows Credential Guard to facilitate network certificate theft. The MASTERKEY vulnerability also allows an attacker to disable security features such as Firmware Trusted Platform Module (fTPM) and Secure Encryption Virtualization (SEV). It is worth noting that all of these vulnerabilities require low-privileged access or management in certain situations on specific systems.
Researchers at CTS Labs gave only 24 hours to the AMD team to review all the loopholes and respond before revealing their details – For any company, understanding and properly solving key-level issues is fast. Although Intel and Microsoft are still managing their patches for Meltdown and Specter vulnerabilities, the newly discovered vulnerabilities may cause similar trouble for AMD and its customers. So, let us wait and see when the company proposes a repair plan, although researchers say it may take “a few months to solve” all the problems.
For more details on these vulnerabilities, refer to the article [PDF] entitled “Serious Security Recommendations for AMD Processors” published by CTS-Lab.
Security researchers have discovered 13 critical Spectre/Meltdown-like vulnerabilities throughout AMD’s Ryzen and EPYC lines of processors that could allow attackers to access sensitive data, install persistent malware inside the chip, and gain full access to the compromised systems. All these vulnerabilities lie in the secure part of the AMD’s Zen architecture processors and chipsets— Engaging post, Read More…
thumbnail courtesy of thehackernews.com
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post »