Vulnerabilities are real, but not all are new or important

Mar 14, 2018 07:18 GMT  ·  By

A security firm published a report regarding a number of security flaws in AMD Ryzen processors, but it was done in an odd manner, and it might hide its true purpose, and that is stock manipulation.

A lot of CPU vulnerabilities were unveiled in the past few months, both for Intel and AMD. Some of the problems have been more serious than others, but at least users found out about them. Patches have been issued and companies made changes to the production lines to fix the hardware.

It’s been a hectic period for CPU makers and users alike, and, understandably, all of these problems are also mirrored in the stock market. If we take that into account and go backward, we can imagine that some people will try to go backward and influence the stock market with the help of vulnerabilities.

This is what seems to have happened with the latest report from an Israeli company called CTSLabs, which published their finding regarding some vulnerabilities in AMD Ryzen processors. They gave the company 24 hours to respond, which is suspicions from the start.

Not enough time to investigate

After the report was made public and available to the press, which is also a red flag, everyone raced towards AMD to get a reaction. As you can imagine, 24 hours is not enough time, especially since the report mentions 13 vulnerabilities "similar" with Specter and Meltdown.

People started to investigate what’s happening and found out some pretty interesting details. First of all, no one really knows anything about CTSLabs, a company that appeared just last year and has three people.

Secondly, thanks to the great nation of Reddit, it was revealed that the video they put out used a green screen and stock footage to make it look more legit.

It’s all about the stocks

What makes this report even more suspicious is that another company suspected of being a front for various investors that have an interest to see the stock prices go down for particular companies, Viceroy Research, just published a report regarding AMD. And they happen to mention the information from CTSLabs.

Thanks to WCCFtech and TomsHardware, we now that Viceroy Research’s research paper was made available just a couple of hours later after the vulnerabilities were revealed. The research paper is extensive, and it’s unlikely that it was put together without prior notice.

Both Viceroy Research and CTSLabs have stated that even though their information and research are accurate, they do have to disclose that they might have a financial stake. And, also that it’s actually an opinion and not a fact.

So, are the vulnerabilities real?

As it turns out, the problems revealed by CTSLabs do exist, but they are not as problematic as the research suggests. Dan Guido, co-Founder, and CEO for Trail of Bits, said on Twitter that CTSLabs asked them to review their finding a week ago.

The bugs are real, but Dan Guido says that “Meltdown and Spectre required novel research advances. In contrast, all of these latest flaws have been well understood since the 90s. They are not new foundational issues, they are well understood programming flaws.”  

AMD didn’t comment, and it’s likely that it will take them a while to respond. The only thing from AMD right now this a short entry on their blog.

“We have just received a report from a company called CTS Labs claiming there are potential security vulnerabilities related to certain of our processors. We are actively investigating and analyzing its findings. This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings. At AMD, security is a top priority and we are continually working to ensure the safety of our users as potential new risks arise.”

As for the stock price, for now, it seems to be unaffected, but we’ll have to recheck it after the news has circulated enough.