CTS Labs’ researchers have warned that if you’re running an AMD Ryzen, Ryzen Pro, Ryzen Mobile or EPYC processor on your computer then you might be at risk. It is also reported that the chips contain backdoors that could be used by attackers to exploit target devices.
In what the researchers have called a ‘severe security advisory,’ they have identified a total of 13 critical vulnerabilities in AMD’s processor architecture.
Each of these affects one or more processors and they are divided into the following classes: Ryzenfall, Fallout, Chimera, and Masterkey.
The vulnerabilities have been discovered not long after Intel faced backlash for Meltdown and Spectre. AMD chips were largely unaffected due to design differences.
Now, the latest AMD-specific flaws could provide hackers access to the most secure parts of AMD’s chips. Even the separate co-processor called Secure Processor that is designed to handle sensitive security-related tasks.
While these newly founded vulnerabilities could bring dark days for AMD users, taking their advantage first requires the attacker to have administrator privileges on the target machine.
Potentially, this puts millions of devices running the affected chips at risk. But it is not that AMD is only the one facing the heat. Questions are being raised against the researchers as well.
The fact that AMD was notified just one day before the whitepaper and the website AMDFLAWS.com was made public has raised eyebrows. Also, the whitepaper doesn’t contain any technical details about the vulnerabilities, though, the website reads it was done to prevent their exploitation.
According to security experts, the vulnerabilities are possibly over-hyped and CTS might be having some financial motives behind. As Wired points out, their Whitepaper contains an unusual disclaimer that CTS may have “an economic interest in the performance of the securities of the companies whose products are the subjects of our reports.”
Anyway, whatever the case may be. The warnings issued by the researchers can’t be taken with a pinch of salt. We will have to wait till some concrete information is released by AMD.