AMD Chip Flaws: There’s More to the Story

New research claiming to have identified major vulnerabilities in AMD chips is raising more questions than answers from many security professionals. Yesterday, CTS Labs, a little-known cybersecurity firm based in Tel Aviv, published its findings about "13 critical security vulnerabilities and manufacturer backdoors" in AMD's EPYC and Ryzen chips in a white paper and a dedicated Web site, amdflaws.com.

However, AMD as well as a number of security experts say the company's unorthodox disclosure methods merit skepticism about those claims.

Among skeptics' concerns: CTS Labs gave AMD little time to investigate its findings before releasing them to the press; market-watchers have noticed a recent spike in short selling of AMD stock; and researchers' lack of technical information and proof-of-concept code.

'Highly Unusual Disclosure'

Researchers at CTS Labs released their findings after giving AMD less than a day to review the reported vulnerabilities, U.K .security architect Kevin Beaumont noted yesterday in a post on his Double Pulsar blog. "This is a highly unusual and reckless disclosure of security flaws," Beaumont said.

In its response to the research, AMD posted a statement on its Web site that said, "We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings."

Software engineer and Linux creator Linus Torvalds also weighed in with criticisms about how the research was publicized, stating on his Google Plus page that "it looks like the IT security world has hit a new low."

Not Like Spectre, Meltdown

At first glance, CTS Labs' disclosure appeared similar to how different research teams revealed their findings about the major processor vulnerabilities Spectre and Meltdown earlier this year. However,...

Comments are closed.