According to CTS-Labs, the 13 newly detected vulnerabilities in AMD processors can be divided into 4 main categories: Master Key, Ryzenfall, Fallout, and Chimera. All of them ultimately target the secure area of the CPU, the Secure Processor, which stores, you guessed it, the most sensitive information such as passwords, encryption keys, etc. According to CTS-Labs’ financial manager, Yaron Luk-Zilberman, it is almost impossible to detect malware that exploits this problem because of the Secure Processor’s own defensive mechanisms.
When a system starts, it uses the CPU to run a startup check that detects any unauthorised programs. Master Key is able to bypass this stage and install malicious software directly into the BIOS, the crucial part of the system that controls startup even before the operating system kicks in. Once a system is infected, Master Key authorises the installation of any malware, making hardware protection completely ineffective.
Ryzenfall is a threat that affects only AMD Ryzen processors. It is able to obtain full control over the Secure Processor, intercepting passwords, credit card details, biometric data, etc. Even though Windows has additional software defense mechanisms such as Windows Defender and Windows Credential Guard (available in the Enterprise and Education versions of Windows 10) to protect sensitive data, getting around these guys becomes significantly easier with Ryzenfall.
Fallout is very similar to Ryzenfall; however, it affects only AMD EPYC processors. This should worry Azure Cloud users, as Microsoft recently announced that it uses AMD EPYC processors for Azure Cloud services. Naturally, Microsoft acknowledged the issue and is currently working on solutions.
Chimera strikes two weak spots of AMD Ryzen chips simultaneously: firmware and drivers. As Wi-Fi and Bluetooth traffic passes through the Secure Processor, an attacker is able to intercept or control the data, sending modified information (and potentially malware) to a user.