128 GB USB flash drive hot dog
More than Meets the Eye with USB Flash Drives
March 9, 2018
WannaCry and Global Cyber Security Threats: Y2K 2.0?
March 29, 2018

Ryzenfall: Another Bombshell AMD Vulnerability

AMD Ryzenfall is yet another weakness in the design of modern CPUs.

Earlier this year, the IT world was rocked by the news that a devastating vulnerability affected just about every Intel processor in use today. Because the universe is a cruel place that spares nobody, AMD users had little time to gloat before it turned out a similar issue affected their CPUs as well. Unfortunately, the bad news just keeps on coming. Earlier in March 2018, the world learned of a new vulnerability in AMD chipsets, dubbed Ryzenfall.

What Is Ryzenfall?

Ryzenfall is not one security flaw but rather a group of related flaws. Ryzen and Ryzen Pro chipsets, along with other AMD chipsets such as Promontory, have hidden backdoors placed into them by the manufacturers. Having manufacturer backdoors in products isn’t unusual. But the fact that these backdoors weren’t closed when the products left the factory represents what the IT security world likes to call “a big oopsie”. The CEO of CTS Labs, the firm that discovered the bugs, says:

“This is as bad as it gets in the world of security.” – Ido Li On, CTS Labs CEO

Some of the vulnerabilities included under the Ryzenfall umbrella could allow hackers to slip persistent malware directly onto the processor. Other vulnerabilities allow hackers to gain control over the kernel. This is a high-privilege area of your computer out of reach of normal users.

Rumors Aswirl

Curiously, there are some rumors that a financial firm connected to CTS Labs had been short selling AMD stock. This would explain why these flaws were made public knowledge so quickly without consulting with AMD privately first. Typically, when somebody discovers vulnerabilities such as this, they privately inform the manufacturers and vendors first before the data goes public. This allows them to at least make some progress patching up the vulnerabilities before the public—and hackers who might wish to take advantage of these vulnerabilities—gets wind of it.

It seems some people may have plotted to use the knowledge of Ryzenfall to negatively affect AMD stocks for financial gain. However, the disclosures have not had a major effect on AMD stock values within the past week.

However, this shouldn’t put a damper on the explosive claims made by CTS Labs. The existence of these backdoors has been independently verified since they released their white paper by other security firms such as Trail of Bits. However, it does cast the CEO’s statement in a bit more of a hyperbolic light.

Rest assured, though: this is bad, albeit maybe not end-of-the-world bad. Certainly not end-of-AMD bad.

How Do I Protect Myself from Ryzenfall?

That’s probably the question you’re asking yourself right now.

Fortunately, Ryzenfall is a “second stage’ vulnerability. In order to make use of the backdoor to cause trouble, a hacker would still have to:

  • Get into your network
  • Get onto your computer
  • Gain administrative privileges

In other words, until a patch comes along, you can protect yourself from Ryzenfall the same way you protect yourself from any other network intrusion:

1. Use a strong VPN with two-factor authentication to log into your network.

2. Use strong, unique passwords for social media accounts, email accounts, and accounts for any online or cloud-based services, including two-factor authentication if possible.

3. Avoid opening suspicious email attachments, LinkedIn and Facebook messages, and other common phishing vectors.

4. Keep track of the use of laptops, USB flash drives, and other physical devices, especially portable ones, within your workplace.

Many of the same steps that can protect you from ransomware intrusions will also prevent a hacker from exploiting Ryzenfall on your network. To learn how to protect yourself, check out and download Gillware’s ransomware prevention guide.

Most importantly, don’t just read about the things you need to do—do them!

Will Ascenzo
Will Ascenzo
Will is the lead blogger, copywriter, and copy editor for Gillware Data Recovery and Digital Forensics, and a staunch advocate against the abuse of innocent semicolons.
//]]>