Secure enclaves like the one found in iPhones are intended to be impenetrable fortresses that handle tasks too sensitive for the main CPUs they work with. AMD’s version of that co-processor contains a raft of critical flaws that attackers could exploit to run malware that’s nearly impossible to detect and has direct access to a vulnerable computer’s most sensitive secrets, a report published Tuesday warned. The chips also contain what the report called “backdoors” that hackers can exploit to gain administrative access.
The flaws—in AMD’s EPYC, Ryzen, Ryzen Pro, and Ryzen Mobile lines of processors—require attackers to first gain administrative rights on a targeted network or computer, which is a hurdle that’s difficult but by no means impossible to clear. From there, attackers can exploit the vulnerabilities to achieve a variety of extraordinary feats that would be catastrophic for the owners’ long-term security. Among other things, the feats include:
- Running persistent malware inside the AMD Secure Processor that’s impossible—or nearly impossible—to detect
- Bypassing advanced protections such as AMD’s Secure Encrypted Virtualization, Firmware Trusted Platform Module, and other security features, which are intended to secure systems and sensitive data in the event that malware infects a computer’s operating system
- Stealing credentials a vulnerable computer uses to access networks
- Physically destroying hardware by attackers in hardware-based “ransomware” scenarios
“All these things are real”
The four classes of vulnerabilities—dubbed Masterkey, Ryzenfall, Fallout, and Chimera—were described in a 20-page report headlined “Severe Security Advisory on AMD Processors.” The advisory came with its own disclaimer that CTS—the Israeli research organization that published the report—”may have, either directly or indirectly, an economic interest in the performance” of the stock of AMD or other companies. It also discloses that its contents were all statements of opinion and “not statements of fact.” Critics have said the disclaimers, which are highly unusual in security reports, are signs that the report is exaggerating the severity of the vulnerabilities in a blatant attempt to influence the stock price of AMD and possibly other companies. Critics also faulted the researchers for giving AMD just 24 hours to review the report before it went public and using a dedicated-website to bring attention to the flaws.
AMD officials released a statement that read: “At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report, which we just received, to understand the methodology and merit of the findings.”
Still, Dan Guido, a chip security expert and the CEO of security firm Trail of Bits, told Ars that whatever ulterior motives it may have, the paper accurately describes a real threat. After spending much of last week testing the proof-of-concept exploits discussed in the paper, he said, he has determined that the vulnerabilities they exploit are real.
“All the exploits work as described,” he said. “The package that was shared with me had well-documented, well-described write-ups for each individual bug. They’re not fake. All these things are real. I’m trying to be a measured voice. I’m not hyping them. I’m not dismissing them.”
Once hackers gain low-level access to a targeted network, they typically collect as much data as they can as quickly as they can in hopes of elevating their privileges. All that’s required to exploit the AMD chip vulnerabilities, Guido said, is a single administrator credential inside the network.
“Once you have administrative rights, exploiting the bugs is unfortunately not that complicated,” he said.
Bypassing signature checks
While AMD chips are supposed to require the firmware that runs on them to be digitally signed, Guido said the exploits massage the code in a way that allows uploaded firmware to pass validation checks without a valid signature. Once the attacker’s malicious firmware is running on the processor, it’s nearly impossible to detect using today’s tools. What’s more, the firmware has direct access to protected memory, hard drives, input/output devices and other computer components that might be out of bounds to more traditional malware.
“I ran the exploit code that let me get shells,” Guido said. “They do make a bad compromise significantly worse. There are no tools to help you find if these issues have been exploited.” The vulnerabilities, he said, are unrelated to a code-execution flaw disclosed in January in AMD’s trusted platform module.
Not so fast
Other researchers played down the severity of the flaws and questioned the veracity of the report, which was published the same day that short seller Viceroy Research issued a report saying AMD shares might lose all their value. AMD shares initially fell following publication of the reports, but they eventually closed higher. The report’s critics, meanwhile said the requirement that an attacker already have administrative rights meant the vulnerabilities weren’t as severe as portrayed.
“All the exploits require root access,” said David Kanter, a chip expert who is founder of Real World Technologies. “If someone already has root access to your system, you’re already compromised. This is like if someone broke into your home and they got to install video cameras to spy on you.”
Still, Kanter agreed with Guido that the vulnerabilities were a major embarrassment for AMD, particularly because most of them reside in the Platform Secure Processor, which is AMD’s version of the secure enclave in the iPhone. Unlike Apple, which custom-designed its secure enclave, AMD relies on a 32-bit Cortex A5 processor designed by ARM.
AMD’s Secure Processor, Guido said, “is intended to be the one defensible part of the processor. The fact that you can upload unsigned code and get it to pass validation and the fact that you can manipulate all the mail slot handlers is not what I would expect as someone who needs to trust this component.”
In a series of tweets, Gadi Evron, a veteran security researcher and the CEO and founder of security firm Cymmetria, also confirmed the accuracy of the findings even as he declined to defend the way they were disclosed.
Other vulnerabilities were the result of what Tuesday’s advisory said were manufacturer “backdoors” that were built into a chipset that connects Ryzen and Ryzen Pro processors to hardware devices such as Wi-Fi chips and network cards. One of the backdoors is built into the firmware, the report contended, while the other resides in the hardware. AMD’s partner for the chips, the report said, is ASMedia. In 2016, ASMedia parent company ASUSTeK Computer settled charges brought by the Federal Trade Commission that alleged it neglected security vulnerabilities. The settlement requires ASUSTek to undergo external security audits for 20 years.
Tuesday’s report went on to warn that the Chimera vulnerabilities resulting from the purported backdoors may be impossible to fix.
As explained earlier, the report’s findings are highly nuanced because they’re premised on an already serious compromise that allows attackers to gain administrative control of a computer running one of the vulnerable AMD processors. That steep bar is countered by an achievement that’s not possible with most exploits Specifically:
- The ability to take complete control over the affected machine, including parts that are normally isolated from malware
- The ability to run malicious code before the operating system boots and for infections to persist even after the operating system is reinstalled
- The ability to bypass advanced protections such as Windows 10 Credential Guard
People who rely on AMD chips shouldn’t panic, but they also shouldn’t discount the warnings contained in the report, despite the questionable motivations for its release.