Gadgetory


Assassination Attempt on AMD by Viceroy Research & CTS Labs

2018-03-13
"AMD must cease the sale of Ryzen and EPYC chips in the interest of public safety." That's one of the quotes related to a new CTS Labs research paper on an alleged AMD vulnerability pertaining to its Ryzen architecture, and it follows on the heels of the Meltdown and Spectre reports, so the public is now used to this sort of thing. It's another report that's laid out in a very familiar fashion to Meltdown and Spectre, but we didn't think things lined up quite right with it; it seems like something's off. So today we'll be exploring the origin of the report, the team behind it and their background, and we'll be talking about whether or not this is actually a vulnerability you need to worry about.

Before that, this video is brought to you by Thermaltake and the View 71 enclosure. The View 71 is a full tower case that's capable of fitting three video cards in most configurations. It's also one of the better cooling cases in our recent case testing bench lineup. The View 71 has hinged tempered glass doors on either side that make it easy to open and show off, and it comes with at least one Riing fan, though you can get the RGB version if you prefer. Learn more at the link in the description below.

So that quote opening this video is a bit histrionic. It's hyperbolic, and it basically is the tone of the entirety of the paper that CTS Labs put out, and of Viceroy Research, which has an interesting hand in all of this, as we'll explore. To get everyone up to speed: we can make a comparison to Meltdown and Spectre, which you know about. This is basically an attempt by a research company, a cyber security company that was founded last year, to show similar problems on AMD hardware. There are four categories of exploit listed. The categories are named Masterkey, Ryzenfall (come on, guys), Fallout and Chimera. Each has a section in a white paper that explains the concept of the vulnerability. It's got a list of affected processors, potential consequences of those vulnerabilities, alleged vulnerabilities, and then mitigation options as well, although the last section is actually left empty, usually.

Three of the exploits require, quote, "that an attacker be able to run a program with local machine elevated administrator privileges. Accessing the secure processor is done through a vendor supplied driver that is digitally signed," while Masterkey, quote, "requires an attacker to be able to reflash the BIOS with a specially crafted BIOS update. This would theoretically be done on a remote system that supports BIOS flashing from within the OS."

One of the experts we spoke with (we sourced a couple of security folks that we worked with on our Meltdown and Spectre stories, brought them back in and said, "what do you all think of this?") stated the obvious: if you have local administrator privileges already and the ability to flash BIOS, an attacker would be able to install malware on a PC of any kind. Doesn't matter if it's AMD; you're just as vulnerable on Intel. It'd be equivalent to leaving your username and password on a post-it note on your monitor, someone logging into it, and then you claiming that they used a security vulnerability to attack the system. Where was the vulnerability in the chain?

That's not to discredit these findings, but the thing here is that the entire white paper uses ad hominem attacks, and it goes after the company AMD and its partners rather than the technology. It's a stark contrast from what we saw with Google's Project Zero team and Meltdown and Spectre, where the entire focus was on technology.

The worst consequence listed is, quote, "persistent, virtually undetectable espionage surviving computer reboots and reinstallations of the operating system." That's part of Masterkey. The Ryzenfall and Fallout exploits could enable an attacker to break into System Management Mode using flaws in the AMD Secure OS and EPYC bootloader, respectively. This could in turn be used to enable BIOS flashing for the Masterkey exploit, which seems to be the main focus of this paper. This is theoretical, as the paper opens with, quote, "to ensure public safety, all technical details that could be used to reproduce the vulnerabilities have been redacted from the document." That means no proofs of concept or sample code, and there's, I guess, one picture of an EPYC system whose BIOS screen has been modified via hack to say "leet" in the corner. Yes, a research firm focused on security vulnerabilities is using 1337 to demonstrate their hack.

So all of this so far is in the white paper put up by CTS Labs, but there's more to it, as we'll get into with Viceroy in a moment. For now, though, there's one final exploit, and that's Chimera. This one has to do with AMD's use of ASMedia chips, and CTS claims that the ASMedia ICs used in the AMD Promontory chipset have, quote, "substandard security and no mitigations against exploitation." It also states, quote, "they are plagued with security vulnerabilities in both firmware and hardware, allowing attackers to run arbitrary code inside of the chip or to reflash the chip with persistent malware." CTS claims to have successfully taken advantage of these vulnerabilities, but again, it requires local admin access and a signed driver.

We'll get to the company's credentials in a moment, as those are suspect, but let's start with the presentation of this vulnerability by CTS Labs. Contrasting the Meltdown and Spectre white papers, the CTS Labs white paper on the claimed AMD vulnerabilities is bereft of any example code and is written with a tone that attacks companies rather than addressing the technological flaws that are alleged. This is the most concerning, as the writing is charged and appears emotionally motivated rather than taking an approach of objectively outlining the exploits and detailing the technology.

A primary concern is the window of time provided for AMD. For Spectre and Meltdown, these affected Intel and ARM, basically everybody, primarily Spectre; Meltdown mostly affecting Intel, or so far entirely. So with those two exploits, the CPU and architecture companies had at least 5 to 6 months of private notice of the exploits prior to disclosing them to the public. This was to give the companies, Intel and ARM, time enough to supply patches and work on microcode updates for their architectures so that the general public is not exposed to a wide sweeping zero-day exploit, basically.

This is quite different, though. CTS Labs actually briefed media (and we don't know which outlets, because we haven't found any source emails on this), but from what CTS Labs has put out there, they briefed media first and AMD second. AMD, the maker of the processor that's affected, was given 24 hours of notice of the finding of this alleged exploit. Not enough time to do anything. In the best interest of the public, as done with Meltdown and Spectre, you would give the company some notice so that they can do something. So the motive here is suspect. That's one of the biggest red flags. Even if this is a legitimate exploit, and it may well be, despite the fact that you'd need physical access and might as well just pick up the computer and leave at that point, even if it's a valid exploit, you're still talking about a window of time of 24 hours to respond. That's kind of absurd.

So that's what we've got for the basic presentation of this. Now the next thing to look at is the aggressive writing. This report also focuses on leveraging ad hominem attacks, including, from the first three pages of the report, the following quotes. One: "The Ryzen chipset, a core system component that AMD outsourced to a Taiwanese chip manufacturer, ASMedia, is currently being shipped with exploitable manufacturer backdoors inside." Another: "We note with concern that AMD's outsourced partner, ASMedia, is a subsidiary of ASUSTeK Computer, a company that has recently been penalized by the Federal Trade Commission for neglecting security vulnerabilities and put under mandatory external security audits for the next 20 years." Although important, not sure that that's relevant for this particular story. One of the last two here really puts it into perspective, though, in our opinion. This is from the researchers: "The basic nature of these vulnerabilities amounts to complete disregard of fundamental security principles. This raises concerning questions regarding security practices, auditing, and quality controls at AMD." And finally, for good measure, this one: "AMD's latest generation Vega GPUs, which also have the secure processor inside of them, are being integrated as deep learning accelerators on self-driving cars." This is where you're supposed to be scared, because I suppose the link you draw there is that the self-driving cars will kill you or something, whether through exploit or accident.

So it's very peculiar language. We're not talking about something where there are lines of code or proofs of concept being demonstrated that show the issues with these supposed secure processor vulnerabilities inside of AMD CPUs. This is ad hominem. It is appealing to emotion. It's an attack that looks more motivated to drive, perhaps, investment, or the lack thereof, than to drive actual security advancement of the AMD CPUs. And again, that's not to discredit CTS Labs' findings. These exploits, from the experts we've spoken with, do actually appear to have some basis in reality. They could be real; you could actually have security vulnerabilities in Ryzen CPUs. The problem is the presentation and the fact that you need such low level access to the system, basically being next to it, in order to do anything with these exploits, and this is a bit further than what we saw with Spectre and Meltdown. So there's almost zero focus on technical data in here, and the presentation of the code in its entirety basically boils down to a BIOS screen displaying the word "leet".

This is where things get interesting. As for the CTS Labs website, the posted legal disclaimer has some boilerplate CYA language, but also has some questionable language. In one part, the disclaimer states, quote, "the report and all statements contained herein are opinions of CTS and are not statements of fact." Another legal statement notes, "although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are subject to our reports." Now some of this just looks like boilerplate, so it's not necessarily a red flag, and in fact, again, CTS could have found something real. But digging further, we get to the more interesting stuff, especially as we move towards Viceroy.

We contacted security experts in the industry and overall discovered that CTS Labs has not yet been heard of by any of our contacts we worked with on previous stories, so that's the first item of note. AMD's own statement insinuates similar unfamiliarity with CTS Labs, where the company says, quote, "We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain processors of ours. We are actively investigating and analyzing its findings. This company was previously unknown to AMD, and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings."

When we first saw the press release about this, we reached out to the listed Bevel PR contact number. This is a third-party PR agency, supposedly, that CTS Labs has hired for handling its contact during this dilemma. When we reached out to the phone number provided, which also has a name listed on the press release, what we ended up with was no response: the phone goes straight to voicemail and the inbox is full. It's been a busy day, though, so perhaps this is fair. We won't show it on screen, but looking through personal social media pages of employees there, we were able to find that Bevel PR appears to have been founded in 2017, quite recently, and that it's staffed primarily or entirely by one individual (we'll go with primarily). We have also reached out to the individual through other forms of contact and have thus far received no response. Speaking from experience, we've never heard of Bevel PR before, but their webpage does indicate that they have some experience working with ICOs and hedge funds, which led us to the next part of what we were looking into.

CTS Labs is a new company. The ctslabs.com domain name was registered on June 25th, 2017, around when the Meltdown exploits were privately revealed to Intel, and amdflaws.com, the domain that lists the exploit white paper, was registered on February 22nd of 2018. Both are GoDaddy domains. There is an "Intel flaws" website as well, but we contacted the owner and there's no affiliation; the owner is an individual and was completely bewildered by our cold call, so we'll rule that one out.

CTS Labs lists one Yaron Luk-Zilberman as the chief financial officer. We found SEC documents containing information on Luk-Zilberman and noted that he has affiliation, supposedly, with NineWells Capital Management LLC, based on what we saw online on his own profile and in other documents. This is a hedge fund and investment management firm. We attempted to call the phone numbers listed for Luk-Zilberman on official government documents but found that the numbers were disconnected or invalid.

The CTS Labs YouTube account was registered three days ago at time of filming and presently has disabled comments on videos. The default is enabled, by the way, so they were manually toggled off, probably. This is where it gets even better: the videos published by CTS Labs are even using Shutterstock stock photos for their green screen. Look familiar? These videos were not shot in real offices, at least not ones owned by CTS Labs, unless they're also in the business of stock photography for Shutterstock. As for the logo for CTS Labs, it appears that it's using a modified version of a Shutterstock electronic shield logo with a slightly modified design.

The company looks suspect overall. It's possible that this is legitimately a new security firm. It's also possible that, because they're security experts and not designers, they bought and modified some stock images from Shutterstock; perhaps for the video backgrounds they thought that it looked better than a white wall or a wood wall or anything like that, and they went with something from Shutterstock. But the point is that you consider all of this information with the time of publication, the window of publication, and the verbiage and tone used in the documents upon launch, and we have something that just seems wrong.

On that note, we must now look to Viceroy Research. Viceroy was the first group to report in great detail on the alleged AMD vulnerability and managed to publish a 25 page PDF almost immediately upon disclosure of these supposed exploits. We believe this was pre-written. The PDF is entitled, quote, "AMD - The Obituary" and seems motivated to inflict fear and cause damage. Some quotes state, for instance, "just one Ryzen chip could endanger an entire enterprise network," or another, "AMD's flawed chips are components in defense products," just to scare you. One last quote that everyone can appreciate: "We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11 bankruptcy in order to effectively deal with the repercussions of recent discoveries."

So at best this is fear-mongering. At worst, and I'm using Viceroy's own words here, they may have some sort of financial entanglement with the situation, and again, that's their words. I'll read it for you. Viceroy joined Business Day for an interview in 2017. When asked by the magazine what Viceroy is, the group reportedly responded, quote, "We're an independent research group based in the U.S. Our focus is to research entities that we find to have signs of accounting irregularities and potential fraud." When asked why they do this, the group stated, quote, "We take a financial position in our research, and our readers should assume we have a position on the stock." The group also remains anonymous, according to this Business Day interview, anyway.

So if we assume that Viceroy has a position on AMD stock, as they've literally instructed us to do, we would also assume that it's a short position. This is kind of the speculation that's going on right now. So AMD's recent uptrend would impact that negatively if you had a short position on AMD, and we aren't making any leaps here; Viceroy literally said to assume that they have a position on what they're reporting on, so that's what we're doing. The ravings of the Viceroy paper really make them out to look like a deranged lunatic, someone wandering the streets at night scrawling things on the wall, pinning up different newspaper articles and connecting them with red string. Read the paper if you want something genuinely entertaining, but somewhat terrifying; we'd recommend it. It's a good one.

So, speaking with multiple security experts again, we have it on good authority that the proposed vulnerabilities are potentially legitimate. No one would commit to it firmly, but discussion generally did indicate that these are possibly legitimate concerns on the AMD architecture. Now some of them made the leap to say, you know what, if this is a concern on AMD, it's also a concern on Intel, because once someone has your username and password and can flash BIOS, you're kind of screwed anyway. So it's possible this is actually a problem. Our present understanding is that these vulnerabilities are, one, not unique to AMD necessarily; two, may require root access to the host system, if everything we've read in the white papers is as we perceived it to mean; and three, they're blown way out of proportion if they are legitimate.

So we have something where there are potentially legitimate concerns, but the supposed impact of those concerns has been painted in a way that makes them look much worse than reality, if they are in fact a concern. Viceroy is the most peculiar element in all this. That paper really, really made them look like crazy people, and I mean genuinely. If we try to remain neutral through this whole thing, that's the one place I can point and say, what the hell are they on? You seriously should look at parts of it, because it's insane.

So that's it for this one. Long story short: if you are worried about this, don't be. Maybe there's a problem; don't give people you don't trust root access to your computer and access to BIOS, and you'll probably be fine.

Just a quick note on Intel before closing out. We've seen some conspiracy theories online revolving around Intel, largely alleging or suggesting involvement of Intel in all of this. We messaged Intel and requested a statement and any insight into this matter. Intel replied with an official, on record statement and said, quote, "Intel had no involvement in the CTS Labs security advisory." So that's what we've got from them.

So subscribe for more content like this. As always, go to store.gamersnexus.net to go order one of our mod mats; the anti-static mod mats are coming back in in the next few weeks and shipping out immediately. And go to patreon.com/gamersnexus. Thanks for watching; I'll see you all next time.