WASHINGTON (AFP): Advanced Micro Devices made chips came under scrutiny as security researchers have found flaws that could allow hackers to take over computers and networks. A few weeks Earlier, Spectre and Meltdown malware attacks shook the computer hardware industry allowing programs to steal data which is currently processed on the computer.
CTS Labs, an Israel based security firm has published their official report stating “multiple critical security vulnerabilities and exploitable manufacturer backdoor’s” in AMD chips. However, expert analysts have questioned the validity of the report and criticized the firm for its “over-hyped beyond relief”. Some has also termed as “marketing ploy” by the company.
While CTS has identified 13 flaws, saying they “have the potential to put organizations at significantly increased risk of cyber-attacks.” Describing these newly discovered flaws they said it could compromise AMD’s new chips that handle applications in the enterprise, industrial and aerospace sectors, as well as consumer products.
The researchers said the AMD Secure Processor, the gatekeeper responsible for the security of AMD processors, contains “critical vulnerabilities” that “could allow malicious actors to permanently install malicious code inside the Secure Processor itself.”
“These vulnerabilities could expose AMD customers to industrial espionage that is virtually undetectable by most security solutions,” the researchers said.
Related:- Best Gaming Processors
AMD outsources Ryzen chip-set to one of its client Taiwanese chip manufacturer, ASMedia, CTS has claimed Ryzen chip-set “is currently being shipped with exploitable manufacturer back doors inside” which could allow hackers “to inject malicious code into the chip” and create “an ideal target” for them.
The reports said “CTS believes that networks that contain AMD computers are at a considerable risk,”
“The vulnerabilities we have discovered allow bad actors who infiltrated the network to persist in it, surviving computer reboots and re-installations of the operating system.”
“This allows attackers to engage in persistent, virtually undetectable espionage, buried deep in the system.”
Advanced Micro Devices, Inc. an American multinational semiconductor company, that focuses on computer processors gave their first impression on CTS 20-pages published a report and said: “At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise,”.
“We are investigating this report, which we just received, to understand the methodology and merit of the findings.”
enSilo researchers said, “The impact of these vulnerabilities is more severe than Meltdown/Spectre as it allows an attacker to execute highly privileged code and persist on the victim machine”.
“We estimate that without patches from AMD, protection against the vulnerabilities can be limited at best, the best protection is to block malware that attempts to leverage these vulnerabilities.”
Many analysts including Linus Torvalds called “a bit exaggerated report ” by CTS Labs as it drew a lot of criticism from the industry.
CTS-Labs has put up an disclaimer showing “Although we have a good faith belief in our analysis and believe it to be objective and unbiased, you are advised that we may have, either directly or indirectly, an economic interest in the performance of the securities of the companies whose products are the subject of our reports,”- that raised yet more questions over its legitimacy.