AMDFlaws.com reports multiple flaws regarding to AMD CPU’s. The question is if the page can be trusted as source? I believe so and take it serious but want to add right here and now that I have my doubts about the entire background of this story.
The AMDFlaws.com domain was registered with GoDaddy on the 22, February 2018 and ownership of this particular domain is hidden by Domains By Proxy, LLC. It’s questionable why a so called security company hides the domain ownership identity. The researchers gave AMD less than 24 hours to look at the vulnerabilities and respond before publishing the report which is really really short because usually vulnerability disclosure calls for at least 90 days’ notice - so that companies have time to address flaws properly.
Behind all this is the Israeli cyber security research firm with six employees, checking their page reveals some interesting information for example that their phone number (+1-585-233-0321) is a New York one. There other findings which are mentioned later in this article which made me and the community skeptical about the entire story.
There not much details given except that all 4 flaws needs to be executed with administrative privileges. The whitepaper doesn’t explain much and was criticized all over the placed on Twitter.
[caption id=”attachment_3765” align=”aligncenter” width=”621”] Picture Source: CTS-Labs[/caption]
Some people actually tried the code and it seems to run which means it might be real.
At AMD, security is a top priority and we are continually working to ensure the safety of our users as new risks arise. We are investigating this report which we just received, to understand the methodology and merit of the findings.
At this point it’s unclear how long it will take to fix these issues with AMD’s processors since it requires more time to properly analyze the flaws and to find ways to fix it.
There several claims that this could all be a big hoax, however the code of it seems to run and was tested by Jake Williams (Twitter link) - usually this alone is a prove that this seems legit.
The following strange parts are found:
[caption id=”attachment_3757” align=”aligncenter” width=”960”] The flaw is discussed on /r/Amd on reddit. Picture Source: Reddit.com via Imgur[/caption]
Some people do have serious doubts - including myself to be perfectly honest. The domain hides some important information and according to this screen it could all been made up. The whitepaper is really unprofessional and CTS Labs gave AMD no proper time to analyze the 4 flaws.
It’s also worth to say here that the registered domain of CTS-Labs points to AMDFlaws.com.
A good explanation would be to manipulate the stock to create such a hoax but it’s only my guess right now. And seems I’m not the only one which thinks this way.
There some people saying it’s faked others which really inspected the source of it saying it’s real. I will update this story as more information comes in and as AMD reports back to us with their findings based on serious research and not only based on community guessing.
The AMDFlaws story is real and not a hoax, it got confirmed by several independent security researchers.
It seems a failed attempt was made to manipulate the stock market just like I said in the initial post. However the threat itself is real and we need to wait until everything is discovered here and until AMD, ASMedia & Co. are finally responding to it which usually takes several months because auditing and testing this takes it’s time and no one likes to rush something to spread possible false information.
I think what we (once again) learned is that people doing everything for money, even shady things like this, however I’m thankfully that this story was real quickly debunked and that the real information are already landed on AMD in order to inspect it, we will see how AMD will handle it and if there is more to say on the details then the pointless whitepaper released by CTS-Labs.
AMDFlaws Legal Disclaimer (amdflaws.com)