They're a shell company that specializes in stock market price manipulation. Beware of news sources and intent.

This is not "fake news", this is a real issue that AMD will have to address.

Gamers Nexus can try to put as much lipstick on this issue and attack the way the security company presented the issue, it's still an issue.

Actually, with how it's been presented it truly is fake news.

Brad_Hawthorne
Actually, with how it's been presented it truly is fake news.

I agree here. The way CTS Labs acted and initially presented itself and its "findings" were completely suspect and honestly very irresponsible to present a possible vector of attack to the wild without giving the respective company time to respond first. However, now that AMD must scramble lets see what they do and what happens.

09973

Brad_Hawthorne
Actually, with how it's been presented it truly is fake news.

I agree here. The way CTS Labs acted and initially presented itself and its "findings" were completely suspect and honestly very irresponsible to present a possible vector of attack to the wild without giving the respective company time to respond first. However, now that AMD must scramble lets see what they do and what happens.

+1.... but I think this story sums up the nonsense that these guys are probably being paid to serve the unknowing public: https://www.extremetech.com/computing/265695-cts-labs-responds-allegations-bad-faith-amd-security-disclosures-digs-deeper-hole  
 
"

[W]e have started researching ASMedia chips about a year ago. After researching for some time, we have found manufacturer backdoors inside the chip which give you full control over the chips (ASM1042, ASM1142, ASM1143). We wanted to go public with the findings, but then saw that AMD have outsourced their chipset to ASMedia. So we decided to check the state of AMD, we bought a Ryzen computer, and whimsically ran our exploit PoC, and it just worked out of the box.

By its own statements, CTS Labs tested and developed a proof of concept exploit for Asmedia controllers before it was aware these controllers were incorporated into Ryzen chipsets. Where, then, is the website AsmediaFlaws.com? Where’s the notification to tell Intel motherboard customers that the chips on their motherboards can be similarly backdoored and abused? This isn’t a theoretical; I’m writing this article from an Ivy Bridge-E system powered by an Asus X79-Deluxe motherboard with an Asmedia 1042 controller. In its white paper, CTS Labs describes the offending Asmedia controllers as follows:

In our assessment, these controllers, which are commonly found on motherboards made by Taiwanese OEMs, have sub-standard security and no mitigations against exploitation. They are plagued with security vulnerabilities in both firmware and hardware, allowing attackers to run arbitrary code inside the chip, or to reflash the chip with persistent malware.
 

If CTS Labs has accurately characterized these flaws, the problems in Asmedia controllers affect millions of Intel motherboards worldwide going back six years. In the early days of USB 3.0, before Intel added its own native chipset support, Asmedia was one of the most common third-party providers. Chips like the ASM1142 are still used on Intel motherboards today. When we looked at Newegg, nearly every USB 3.0 PCI Express card we spot-checked used an Asmedia solution — typically the ASM1042 or ASM1142.
If these Asmedia flaws are common to Intel, AMD, and standalone cards, Intel users and expansion card users absolutely should’ve been notified. If they’re unique to AMD users, CTS Labs needed to explain why. It has not. Again, when security researchers describe flaws, they typically describe them across the entire set of hardware on which they are known to occur. Failing that, they at least acknowledge the use of these broken solutions in other contexts. CTS Labs did neither."
 
The whole thing is a joke, what a bunch horse hockey pucks! lol Nice try CTS.

Hmm.... Entertaining.
From the comments:
Go g: - " Who gave you the ADMINISTRATOR password? If connecting with a laptop to a production server is what a hacker COULD do, how would he get an administrator password for a server?"

And this one.

Dimiter Petrov: - "So you can flash BIOS if you have root access ... SURPRISE SURPRISE :D :D :D How is this a vulnerability? I see it more as a feature"

None of those were answered by CTS labs.
Ive been reading about this from the get go. The whole case stinks like a pile of fresh manure. Sorry for analogy. 😝

rjohnson11
That is OK. We like honest answers and opinions here.

Interesting. Because I was threatened with a ban for being honest and factual.