Published by The Lawfare Institute
in Cooperation With
CTS Labs, an Israel-based hardware security company, released on Tuesday a whitepaper and website describing flaws they discovered in two lines of computer chips produced by the company AMD. CTS Labs hasn’t released the actual exploits and only describes the flaws in the EPYC and Ryzen processor lines in terms of high-level approach and capabilities. As is the current tradition, these flaws have all been given fancy names (RYZENFALL, MASTERKEY, FALLOUT and CHIMERA) with matching logos. The vulnerabilities are interesting and will be of great concern for a select few customers—but for most Lawfare readers, the correct response to three of the four vulnerabilities is, essentially, a shrug. The exception is CHIMERA, which poses a potentially serious national security concern.
In order to use any of the four vulnerabilities, an attacker must already have almost complete control over the machine. For most purposes, if the attacker already has this access, we would generally say they’ve already won. But these days, modern computers at least attempt to protect against a rogue operating system by having separate secure subprocessors. CTS Labs discovered the vulnerabilities when they looked at AMD’s implementation of the secure subprocessor to see if an attacker, having already taken control of the host operating system, could bypass these last lines of defense.
MASTERKEY enables an attacker who can also reflash the BIOS—that is, change the low-level code stored on the computer’s motherboard used to start up everything, including the operating system—to have the computer processor accept their own version of that code, bypassing the usual checks. RYZENFALL, FALLOUT and CHIMERA all enable the attacker to read and write hardware-protected memory used by the computer’s secure coprocessor and a few other features to protect secret keys.
But CHIMERA, unlike the others, is a series of vulnerabilities not in the processor but instead in the “chipset”—the separate component in a computer that acts to interface all the peripherals (USB devices, network, speakers, etc.) to the computer’s central processing unit (CPU). AMD did not design their own chipset. Instead they contracted ASMedia, a Taiwanese company, to design and build it for them.
The chipset itself has privileged permissions, meaning that it’s able to read and write all of the computer’s memory—including the memory that is supposed to be otherwise off limits. Attackers can access the chipset by taking control of the computer’s operating system. And if they can then take over the chipset, they can bypass the last-line protections shielding the computer’s memory from interference. Because this includes the secure regions of the computer, which are supposed to be protected from even the operating system, a chipset compromised by an attacker can evade even those last defenses. Evading these defenses allows the attacker to read cryptographic keys or other secure secrets which are supposed to be protected against even an operating-system compromise.
Only a few high-security users actually take advantage of these features, and these defenses only come into play once the operating system is already compromised, so the overall impact for most is minor. But for those few high-security users, it’s a concern. Attackers with access to those cryptographic keys could access whatever secrets were protected by that last measure of security. This may include allowing them to read encrypted messages, impersonate the computer’s server to others, access authentication tokens in order to login to other computers, and more.
CTS Labs doesn’t claim this vulnerability was accidental. Instead they claim there are multiple backdoor functions hidden in the chipset that allow an attacker to load their own code. This could simply be a result of misdesigned debugging features, which are normally used to locate and correct software errors. But it may also be a deliberate attack.
Sabotaging the chipset would be an incredibly powerful way to insert a backdoor. The chipset is responsible for connecting the computer to the network, so if a sabotaged chipset includes network functionality, it could support network backdoors: accepting commands embedded in network requests and executing the resulting code, bypassing the computer’s operating system completely in order to take control of the machine. Or a rogue chipset could respond to the insertion of a “magic” USB key containing a special set of instructions, enabling someone to instantly take over the computer.
This is an incredibly serious accusation—one for which CTS Labs hasn’t yet provided evidence. Only when they actually release details about the vulnerability can we evaluate whether or not the claims of a deliberate backdoor are reasonable.
But if CHIMERA really is a backdoor, this would be a serious concern. It could be the result of either some debugging functionality accidentally left in the chipset by ASMedia or something more nefarious: a “supply chain attack,” where someone sabotages a system during the manufacturing or distribution process. Even if ASMedia claims that CHIMERA is a legitimate debugging functionality, it could still be a supply chain attack in disguise, as debugging features are some of the best ways to hide such an attack.
Supply chain attacks are a significant threat to U.S. national security, as many of the components of our computers are made overseas. A rogue manufacturer or government could easily compromise huge swaths of our computing infrastructure by sabotaging the products we buy. And there is a significant possibility CHIMERA might be an effort to do just that.
CTS labs needs to provide more details establishing whether CHIMERA is indeed a set of deliberate backdoors. If it is, that should trigger a significant investigation by the United States. A supply chain attack of this power would be one of the most significant cyberattacks ever. And if we want to defend against such attacks, or even attempts to disguise such attacks as accidents, we need a full accounting.