When the Spectre and Meltdown vulnerabilities were revealed in millions of processors earlier this year, those deep-seated vulnerabilities rattled practically the entire computer industry. Now a group of Israeli researchers is outlining a new set of chip-focused vulnerabilities that, if confirmed, would represent another collection of flaws at the core of computer hardware, this time in a processor architecture designed by AMD. But the researchers now also face their own questions: about the hype they’re piling onto those revelations, the timing of their disclosure to AMD, and even their financial motivations for their work.
On Tuesday morning, hardware security firm CTS Labs published a paper and website pointing to four new classes of attack that the company says are possible against AMD chips in both PCs and servers. Together, they seem to offer an array of new methods for hackers who have already gained significant access to a computer running AMD’s “Zen” processor architecture. At their worst, the vulnerabilities as described would allow attackers to bypass security safeguards against tampering with the computer’s operating system, and potentially plant malware that evades practically any attempts to detect or delete it on AMD chips.
“We believe that these vulnerabilities put networks that contain AMD computers at a considerable risk,” reads a paper published by the CTS researchers. “Several of them open the door to malware that may survive computer reboots and reinstallations of the operating system, while remaining virtually undetectable by most endpoint security solutions. This can allow attackers to bury themselves deep within the computer system and to potentially engage in persistent, virtually undetectable espionage.”