Tag Archives: Don’t Panic!

RYZENFALL, MASTERKEY, FALLOUT, CHIMERA – Don’t Panic!

3 April 2018

CTS-Labs publication (1) of new branded security flaws in AMD’s latest Ryzen and EPYC processors attracted much media attention.

Much Ado About Nothing

Much Ado About Nothing. Made with WortArt.com.

Two facts on RYZENFALL, MASTERKEY, FALLOUT and CHIMERA:

  • In all cases the attacker requires administrative access to exploit the processor flaws.
  • For exploitation of MASTERKEY the attacker needs to re-flash the bios.

For a good overview see post ‘AMD Flaws’ (2) in the Trail of Bits blog.

To put it succinctly:: An attacker managed to fully compromise a system based on an AMD Ryzen or EPYC processor and to stay undetected. Then he starts exploiting Masterkey, flashes the BIOS and reboots the system. As a result he gets directly detected.

That makes no sense. Once I fully compromised a system I have plenty opportunities to run a deep dive into the victim’s network and, to stay undetected. The risk of getting detected when exploiting e.g. MASTERKEY is just too high.

The world of threat actors can be divided in two classes: Non-Nation State Actors and Nation State Actors. In particular MASTERKEY fits perfectly in the cyber weapon arsenal of the latter because only they have the resources to compromise the processors where it is most convenient, in the supply chain.

I don’t like branded vulnerabilities because they keep us from dealing with really important security issues.

Have a great week!

  1. CTS-Labs. Severe Security Advisory on AMD Processors [Internet]. AMDFLAWS. 2018 [cited 2018 Apr 3]. Available from: https://safefirmware.com/amdflaws_whitepaper.pdf

  2. Guido D. “AMD Flaws” Technical Summary [Internet]. Trail of Bits Blog. 2018 [cited 2018 Apr 3]. Available from: https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/

BadUSB – Don’t fall into a doomsday mood!

2 August 2014

When Karsten Nohl published his research on 21 July 2014, BadUSB spread throughout the media within hours. One had the feeling that the end of the world arrives at the door. Millions of  potentially compromised USB sticks could take over control of all other USB devices.

But the worst is yet to come: We are utterly powerless! Antivirus products of whatever vendor could not block this kind of attack.  As if we did not know, that Antivirus products are of limited value today.

My first reaction was: Keep cool! It’s just a proof of concept. It’s not in the wild! And the best is: It’s a very complex task, and therefore not lucrative for normal attackers.

Vulnerabilities in the handling of USB devices are not new. A search in the U.S. National Vulnerabilty Database (NVD) shows 4 high severity flaws in the past 18 month. Moreover, it is well-known that viruses are very often spread through USB devices. We all know the risk!

And even the vulnerabilities in onboard controllers are not new. Mathieu Stephan reports in his post ‘Hacking SD Card & Flash Memory Controllers’ from 29 December 2013 that the Firmware of SD Card’s was compromised. Take a look at the Video in his post.

Marshall Honorof’s post ‘Don’t Panic Over the Latest USB Flaw’ from 1 August 2014 saved my day.

At the end of his post Marshall sums it up: ‘Make no mistake: BadUSB is a fantastic proof-of-concept, and lays bare some serious problems with USB stick security. But, like anything else in the world of computing, you can avoid trouble using a little common sense.

To be honest, I expect a technical solution to the BadUSB trouble within the next month. Otherwise the USB stick market will collapse.

But in the meantime: Don’t Panic!