Latest CTS-Labs Interview Bolsters Belief Of Targeted Attack On AMD

As we wait for something to become of the ousting of 13 vulnerabilities related to AMD’s Zen-based processors, a new in-depth interview helps bolster our belief that something isn’t quite right with CTS-Labs. The company couldn’t even be bothered to establish an address before taking on a microprocessor giant with insinuations of complete corporate collapse as a result of its findings.

I’m not smoothing out my words here, because I find all of CTS-Labs and the way it’s delivered its information to be absurd. At AnandTech, site editor Ian Cutress teams up with RealWorldTech‘s David Kanter to rattle off some questions to CTS-Labs’ CEO Ido Li On, and CFO Yaron Luk-Zilberman. The result is that CTS-Labs can’t answer a question without heavily skirting providing an actual answer. It’s all capped off with this finish:

DK: I think the biggest question that I still have is that ultimately who originated this request for analysis – who was the customer that kicked this all off?

ILO: I definitely am not going to comment on our customers.

DK: What about the flavor of customer: is it a semiconductor company, is it someone in the industry, or is it someone outside the industry? I don’t expect you to disclose the name but the genre seems quite reasonable.

ILO: Guys I’m sorry we’re really going to need to jump off this call but feel free to follow up with any more questions.

That was preceded with a question of how some press had news ready-to-go not long after CTS-Labs’ initial unveil, which was countered with complete ignorance: “I would have to check the timing on that and get back to you, I do not know off the top of my head.” Granted, it did take place a staggering 3 days ago.

Even if it’s likely that the company forgot about something that happened only earlier this week, you don’t have to look far to find hole after hole in the company’s logic. What’s worse, an ASMedia chip (or IP) is largely being targeted as the prime issue here, yet there was no existence of an ASMediaFlaws.com website. It’s hard to ignore the fact that ASMedia is used on hundreds of Intel motherboards, as well. Yet somehow, this was laser-focused on AMD, to the point where branding was developed out the wazoo for each series of vulnerabilities.

CTS-Labs strikes me as a try-hard research firm so keen on breaking it big, that business is handed in a very haphazard way. Even if these vulnerabilities are legitimate, and some of them (or maybe all) seem to be, they are in no way as critical as Meltdown or Spectre – certainly not something that will bring AMD’s stock to $0.00, as immediately claimed by Viceroy Research, a company that itself is sketchy.

When Spectre and Meltdown broke, Intel wasted no time addressing the market. It’s telling, then, that AMD has remained silent on things since it made its original announcement that it was looking into the research. I’d wager it’s because while vulnerabilities do exist (they’ve been verified by seemingly legitimate third-parties), they’re not the kind to bring down an enterprise.

Ultimately, this seems to me to be an attack on AMD’s stock (disclaimer: I don’t own any), and if so, the fact that it really hasn’t budged at all only increases the deserved mockery here. But in case it does all prove true, I’d recommend simply making sure no one tries to replace your BIOS firmware, since that allegedly plays a big role in these attacks.