13 Security Vulnerabilities and Manufacturer Backdoors Exposed In AMD Ryzen Processors
Click here to post a comment for 13 Security Vulnerabilities and Manufacturer Backdoors Exposed In AMD Ryzen Processors on our message forum
fantaskarsef
Can't help but remember all the red team's fanboys crying out for Spectre and Meltdown and how AMD's CPUs are totally secure etc.
Rich_Guy
Ouch!
Spider4423
Can't help but think this is becoming a hunt... Intel and AMD sponsoring these sudden exploit finds. Suddenly a lot of exploits come to surface.
Also to be on topic, should they have warned AMD of these exploits before going public ?
Aura89
fantaskarsef
Aura89
Brandon Stewart
Doesn't it seem really strange that this was announced on the 1 year anniversary of Ryzen and just happens to have a splashy website name and advertisement style videos? The flaws are probably legit but someone is out for publicity on this one.
Jagman
Check calendar......Hmmm... Not April 1st..... Oh feck! Can someone, anyone, please make a secure processor? Is it even possible?
SSD_PRO
Being an Intel fanboy, I will now demonstrate how a mature person steps up instead of screaming insults: Components/hardware/software have vulnerabilities. They all do; those that are known, those that are unknown, it is just the way it is. All we need is the companies to step up and do what they can to mitigate and accountability for those responsible if they covered it up thus endangering end users. AMD has some really great products right now at competitive prices and this shouldn't be seen as a deterrent.
mtrai
They did post a disclaimer stating it is their opinion not fact.
Legal Disclaimer BACK TO SITE CTS is a research organization. This website is intended for general information and educational purposes. This website does not offer the reader any recommendations or professional advice. **The opinions expressed in this report are not investment advice nor should they be construed as investment advice or any recommendation of any kind.
It summarizes security vulnerabilities, but purposefully does not provide a complete description of such vulnerabilities to protect users, such that a person with malicious intent could not actually exploit the vulnerabilities and try to cause harm to any user of the products described herein. Do not attempt to exploit or otherwise take advantage of the security vulnerabilities described in the website.
The report and all statements contained herein are opinions of CTS and are not statements of fact. To the best of our ability and belief, all information contained herein is accurate and reliable, and has been obtained from public sources we believe to be accurate and reliable. Our opinions are held in good faith, and we have based them upon publicly available facts and evidence collected and analyzed, which we set out in our research report to support our opinions. We conducted research and analysis based on public information in a manner that any person could have done if they had been interested in doing so. You can publicly access any piece of evidence cited in this report or that we relied on to write this report. Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports. Any other organizations named in this website have not confirmed the accuracy or determined the adequacy of its contents.
You may republish this website in whole or in part as long as CTS is clearly and visibly credited and appropriately cited, and as long as you do not edit content.
Although we strive for accuracy and completeness to support our opinions, and we have a good-faith belief in everything we write, all such information is presented "as is," without warranty of any kindβ whether express or implied β and CTS does not accept responsibility for errors or omissions. CTS reserves the right to change the contents of this website and the restrictions on its use, with or without notice, and CTS reserves the right to refrain from updating this website even as it becomes outdated or inaccurate.
jaggerwild
https://www.pinterest.com/pin/519110294528488068/ https://www.google.com/url?sa=i&rct=j&q=&esrc=s&source=images&cd=&cad=rja&uact=8&ved=0ahUKEwi-qsPR1-nZAhVL5GMKHdsOBLgQjRwIBg&url=https%3A%2F%2Fwww.pinterest.com%2Fpin%2F519110294528488068%2F&psig=AOvVaw3mUsgqjthvS2CdknB3kIZX&ust=1521043587147222
mtrai
We really need a lot more information...they "supposedly" gave AMD notice but only 24 hours before this "news" was published...when standard practice is 90 days. Just saying.
Eastcoasthandle
Let set a few things straight about this as I'm no fan of AMD CPUs. Haven't had one in years but I find this a bit suspect.
This is a no-name startup that simply pops out of nowhere. They have professional PR representation, videos, ads, and a dedicated info weblink that's hyperbol towards AMD? And no one caught this?
https://amdflaws.com/. <---LOL ok it must be legit
From what I've read this rogue group gave AMD less than 24 hours to look at the vulnerabilities and respond before this was published for all to see in it's glory. From watching videos about journalism the standard vulnerability disclosure calls for 90 days notice, so companies have time to address flaws and respond about it. This in of itself makes the claims shady and unethical even if what they claim is remotely true. This is a huge conflict of interest how and when this is presented.
But what I also found interesting is the fact that this comes from the same area in Israel where Intel has facilities for their core design teams and manufacturing plants Nah, that must be just a coinkydink right?
Or perhaps made to look like a coinkydink.
I find this report regardless if true or not true to be incredibly disingenuous. And won't be surprised if the bread crumbs lead back to a conspirator causing drama. I am not fully convinced this is from Intel either. As it's way to obvious. That's also a red flag.
Hilbert Hagedoorn
Administrator
The timing of this whitepaper, website release and even press-releases on pro PR agencies like BusinessWire are just so suspicious. It feels like it was deliberately released as a payload, to create damage.
This research is extensive - it likely has been funded in full, as the scope of it goes very deep, months if not an entire year of work maybe even? Yesterday AMD had their one year Ryzen anniversary, they're about to launch Zen+ as well. So who benefits from all this the most? It's pure speculation, but didn't Intel have activities in Israel as well? Yep, they invested $15 billion in a plant, and let me quote the Intel CEO:
βWe think of ourselves as an Israeli company as much as a US company,β Krzanich said at a Jerusalem press conference"
It's not an accusation, but come on, it is suspicious. Also, CTS was founded as a privately held company in... 2017. Regardless of that remark, if the vulnerabilities are for real they, of course, should be out in the open. But only after AMD would have had enough time for this.
Bozskaggs
This is shady af, and should be taken with a huge grain of salt.
The white paper ends saying all of these "vulnerabilities" require admin level privleges.
Seems like a complete smear job to me.
mbk1969
cowie
I hope this is not to hard to fix
if its true
fredgml7
Is that you Intel? Lol.
I'm using my I5 fearlessly,, but keeping a backup.;)
Fox2232
Less than 24 hours from letting AMD know till sending it out = malicious intent.
nevcairiel