Let’s start by clearing a few things up; In the beginning of the year, at the start of January, two major security flaws were unveiled by researchers from google. Those two flaws are called Meltdown and Spectre. With Meltdown only being an issue on intel chips and Spectre affecting almost all modern-day CPU’s with AMD, Intel and ARM SKU’s being affected.
Spectre was fixed rather easily through micro-code updates, but Meltdown was much harder to fix and needed Windows and Linux to implement special software updates to prevent the flaw from occurring.
These flaws were communicated to the processor producers five months before it went public (within margin of the 90 – days industry standard) this gave them the needed time to find some workarounds or solutions. Also, a bit of news worth noting, in December of last year the CEO of Intel sold all his shares of Intel up to the minimum he is required to have as a CEO.
Then recently two sources accused AMD of having serious security flaws in their chips. The first one is CTS-Labs, an Israeli security company founded in 2017, so its only one year old and was previously unheard of. The second one is Viceroy Research, “A group of individuals that see the world differently.” as stated on their website, they have been known to have rather unacceptable business practices.
CTS-Labs claims that AMD’s chips suffer from four sorts of invulnerabilities, they called these flaws; “Ryzenfall”, “Masterkey”, “Fallout” and “Chimera”. Besides the first one having a rather laughable name most of these flaws require Admin/ root access the computers with such chips to occur, at which point your pc already is compromised. On their website, under the domain name “amdflaws.com” they show some video’s and roughly explain some of the invulnerabilities and how they could be abused. But they never show how to get the results that they show on their website and don’t mention their testing methods which renders the research rather useless.
Nevertheless, AMD has taken these threats for their CPU’s very seriously and responded quickly, here is a statement from them;
“At AMD, security and the protection of users’ data is of the utmost importance. We believe that each of the issues cited can be mitigated through firmware patches and a standard BIOS update, which we plan to release in the coming weeks. These patches and updates are not expected to impact performance.”
With a blog post to further explain how the threats can occur and how AMD is going to solve them.
Then there is Viceroy Research that builds upon the claims from CTS-Labs. In their research papers, that reads just like a cheap thriller novel, they state;
“We believe AMD is worth $0.00 and will have no choice but to file for Chapter 11(Bankruptcy) in order to effectively deal with the repercussions of recent discoveries.”
These two sources seem to be focused on making AMD seem bad and spread this to as much media outlets as possible. They do this through ungrounded accusations and by disrespecting the business agreements. But AMD responded well seeming to take things very seriously and immediately coming out with fixes for the reported flaws.
Still all of this seems to be part of something bigger, some suspect that it was an attack to the AMD stock by a bigger player, that contacted CTS-Labs and Viceroy Research for the job. CTS-Labs was founded right around the time that the Spectre and Meltdown flaws were noticed to the CPU producers, also the only 24-hour notice on the invulnerabilities seems fishy...