Security Bits – AMD Bugs (AMD Gets Its Turn in the Spotlight (RyzenFall, MasterKey, Fallout & Chimera) & GrayKey

Spectre/Meltdown Update

Security Medium 1 — AMD Gets Its Turn in the Spotlight (RyzenFall, MasterKey, Fallout & Chimera)

Details are still a little sketchy, and the more we learn, the more some aspects of this story begin to smell a bit fishy, but regardless, it does seem that there are indeed 13 critical security vulnerabilities affecting many AMD CPUs, and they 13 vulnerabilities can be grouped into four named collections of related bugs, RyzenFall, MasterKey, Fallout & Chimera.

At the moment it seems none of these bugs can be remotely exploited, so an attacker would need another way into the computer before they can leverage one or more of these bugs to get up to mischief. Put another way, on their own these bugs don’t seem to pose an imminent danger, but combined with a remove code execution bug they could prove quite potent.

The first thing that really smells fishy about this story is that the security firm that published the flaws registered the domain name for the bug a month ago, but only gave AMD and handful of other companies including Microsoft 24 hours notice before going public. The next thing that really smells fishy is that it appears the security firm which published the bugs directly profited from doing so by shorting AMD on the stock market.

Many security researchers are describing these bugs as ‘overhyped’, and Linus Torvalds has been absolutely scathing in his condemnation of how this all went down — “It looks more like stock manipulation than a security advisory to me”.

The bugs affect AMD’s EPYC server CPUs, Ryzen workstation CPUs, and Ryzen Pro & Ryzen mobile CPUs. Some of the bugs affect the security gatekeeper AMD’s equivalent of Apple’s Secure Enclave, and others affect AMD’s Ryzen chipset which provides connectivity between the affected CPUs and connected peripherals like network and wifi chips. Most of the bugs are firmware bugs, but some are hardware bugs, and hence, possibly un-fixable. Some are being described as intentional back doors.

Right not it’s not at all clear whether or not this is anything near as big a deal as it sounded initially. For now there are no actual attacks in the wild, and no patches of any kind (how could there be with such irresponsible disclosure!). There doesn’t seem to be any reason to panic, all we can really do for now is wait and see how this develops over the coming days, weeks, and months.


Security Medium 2 — GrayKey

Last time we reported on controversial Israeli security firm Cellebrite’s new product offering which claims it can unlock modern iPhones running modern versions of iOS, including the iPhone 8 and the iPhone X running iOS 11.

Details of exactly what Cellebrite can do, how long it takes, and what its success rate are were unclear then, and remain so now. Really, we just have marketing materials to go on. Cellebrite offer their unlocking product as a service, not as a device or piece of software that law enforcement agencies can use themselves. Instead, they have to send the phones they want un-locked to Cellebrite who then do their thing in private.

There have been reports circulating about a physical device known as GrayKey being sold to law enforcement agencies for use at their own facilities by a US security firm named Grayshift. Details of this product have been really sketchy because no even the marketing materials are publicly available, instead, they are protect by a portal that only allows law enforcement agencies enter.

However, this week, details of GrayKey have leaked out, so we now know a lot more about how the product works.

It’s a physical box with two lightning ports. You plug two phones to be cracked into the box at the same time, wait two minutes, then remove the phones. They won’t be immediately cracked, instead, it will take a few hours for a phone locked with a 4-digit PIN, and a few days for a phone locked with a 6-digit PIN. One assumes it would take much longer for a phone with a strong alphanumeric password, if it works at all.

When the crack succeeds the phones display some information on their screens including a passcode that can be used to unlock the device. At that point all the data can be downloaded from the phone into the GrayKey device, from whence it can be accessed by the crackers. The entire disk appears to be decrypted, as does the keychain.

The bottom line remains the same as it was last time — no need to panic at the moment. This could develop into a real problem facing regular folks in the real world, but it hasn’t done so yet, and may very well never do so. For now, we need to simply wait and see how things develop.


Notable Security Updates

Notable News

  • The US Treasury Department has issued a scam alert to warn users that the US Government will never ask citizens to pay back-taxes with iTunes gift cards. This is in response to a spate of phishing attacks attempting to trick Americans into believing they owe back-taxes, and, paying them to the attackers in the form of iTunes gift cards. (Editorial by Bart: while this is an American story, I’m pretty sure the same advice applies world-wide, no legitimate government agency is going to demand you pay your taxes in the for of iTunes gifts!) —…
  • The US government has blamed the Russian government for a years-long campaign of cyber attacks against the US power grid —…
  • Facebook publicly promises not to share WhatsApp data with Facebook unless and until it can do so without breaking GDPR —…
  • Facebook have started to automatically upgrade links posted by users to HTTPS when possible —…

Suggested Reading

Palate Cleansers

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to top