
CTS Labs defends its public disclosure of AMD vulnerabilities

Wayne Manion, Former News Writer

CTS Labs has received scrutiny this week for its decision to publicize the flaws it claims to have located in AMD's chipsets and Secure Processor architecture rather than pursue the traditional responsible vulnerability disclosure model. Security researchers typically contact the manufacturer of the vulnerable technology and give the company or companies 30-90 days to create and distribute fixes. In a public letter, CTS Labs' CTO Ilia Luk-Zilberman describes how he takes issue with the traditional model, and how the group of researchers decided the best course of action was to make the public immediately aware of the alleged flaws but withhold the technical details.

Luk-Zilberman says his group was researching security problems with ASMedia's ASM1042, ASM1142, and ASM1143 USB 3.0 and USB 3.1 controller chips when AMD announced that it would work closely with ASMedia on chipsets for its AM4 platform. CTS Labs then turned its attention to AMD's chipsets and Secure Processor, and according to Luk-Zilberman, the group discovered new vulnerabilities about "once a week."

The author then describes CTS' motivations to publish its findings immediately rather than providing ASMedia and AMD several weeks to work on fixing the problems. His primary argument is that public disclosure forces the vendor to begin work on mitigating the flaws immediately. Luk-Zilberman concludes the letter by saying that his group could have provided its proof-of-concept code to more than one party (in this case, Dan Guido from Trail of Bits) before making its claims public.

Joel Hruska at ExtremeTech took issue with Luk-Zilberman's methods, noting that many Intel motherboards and standalone cards produced over the last six years have been host to the same ASMedia USB controllers that CTS Labs claims to have exploited. Hruska points out that the researchers didn't publish an Intel-specific advisory about those parts. Furthermore, he notes that CTS chose to create a website called amdflaws.com and not asmediaflaws.com or intelflaws.com, even though motherboards for both chipmakers' CPUs could share some of the same security issues.

In our view, the responsible-disclosure model isn't perfect, but it's been shown time and again that it offers end users the highest possible level of protection from security flaws discovered after products are already in the field. CTS Labs' methods may hasten AMD's efforts to correct problems, but could result in public exploits before the company is able to create and distribute an effective fix. The appearance of coordination between CTS Labs and suspected short-seller Viceroy Research also casts suspicion on the group's motives and methods.
