No. RYZENFALL, FALLOUT and CHIMERA do not require physical access to exploit. MASTERKEY requires BIOS re-flashing, but that is often possible by just having local admin on the machine and running an EXE. We've confirmed this works on motherboards by Tyan, ASUS, ASRock, Gigabyte, Biostar, and others.
No. Our proof-of-concept exploits rely on an already-signed driver supplied by the vendor.
RYZENFALL, FALLOUT and CHIMERA do not require BIOS re-flashing. MASTERKEY requires BIOS re-flashing, but that is often possible by just having local admin on the machine and running an EXE. We've confirmed this works on motherboards by Tyan, ASUS, ASRock, Gigabyte, Biostar, and others.
Yes. We sent full details about the vulnerabilities to AMD, Microsoft, HP, Dell, and select vendors 24 hours before announcing them to the public. We did not publish technical details about the flaws, to avoid putting users at risk. Right now the public is aware of the vulnerabilities, AMD has been provided full details and is now working on patches, and security vendors have also been given full details and are now developing mitigations.
For redundancy. We wanted to make sure that the link remains available in the event of a DoS attack against this site.
Local machine admin privileges. The vulnerabilities are most harmful in APT situations on enterprise networks.
The vulnerabilities could be useful to attackers at the different stages of an APT attack against an enterprise network:

1. Persistence: Attackers could load malware into the AMD Secure Processor before the CPU starts. From this position they can prevent further BIOS updates and remain hidden from security products.

2. Stealth: Sitting inside the AMD Secure Processor or the AMD Chipset is, at the moment, outside the reach of virtually all security products. AMD chips could become a safe haven for attackers to operate from.

3. Network Credential Theft: Bypass Microsoft Credential Guard and steal network credentials. We have a PoC version of mimikatz that works even while Credential Guard is enabled.

4. Specific AMD Secure Processor features for cloud providers, such as Secure Encrypted Virtualization, could be circumvented or disabled by these vulnerabilities.
No. In most cases, all that's required to exploit MASTERKEY is to run an EXE with local admin privileges. Each MASTERKEY vulnerability could provide attackers with dual capabilities: first, the capability to flash a modified BIOS, which is typically not possible because of UEFI signature verification; and second, the capability to execute code on the Secure Processor itself during boot.