By Jim Finkle and Arjun Panchadar (Reuters) – An Israeli cyber security research firm with six employees on Tuesday said it had found flaws in Advanced Micro Devices microprocessors that made them vulnerable to hacks. AMD said it was investigating the claims, which were followed by heavy trade in AMD shares. The stock was up […]
After short-selling surge, Israeli firm says it finds AMD chip flaw
By Jim Finkle and Arjun Panchadar
(Reuters) – An Israeli cyber security research firm with six employees on Tuesday said it had found flaws in Advanced Micro Devices microprocessors that made them vulnerable to hacks.
AMD said it was investigating the claims, which were followed by heavy trade in AMD shares. The stock was up 2.4 percent in late afternoon trade at $11.80 after falling as low as $11.10 following the release of the report from Tel Aviv-based CTS Labs.
CTS executives told Reuters that they had shared their findings with some clients who pay the firm for proprietary research on vulnerabilities in computer hardware. They declined to identify their clients or say when they had provided them with data on the vulnerability.
“I can’t really talk about my clients,” said Yaron Luk-Zilberman, chief financial officer at the firm that was founded in January 2017.
Short-seller Viceroy Research published a 25-page report on the vulnerabilities on Tuesday, saying it had taken a substantial short position in the stock, betting its shares will fall.
On Friday and Monday, short selling of AMD’s stock increased by about 15 million shares, according to S3 Partners, a financial analytics firm. That brought overall short interest in the chipmaker to about 180 million shares, the most since at least 2010.
“Over the last several days there was a spike in short selling that was completely out of the norm,” said Ihor Dusaniwsky, S3 Partners’ head of research.
AMD said that the report took it by surprise.
“This company was previously unknown to AMD and we find it unusual for a security firm to publish its research to the press without providing a reasonable amount of time for the company to investigate and address its findings,” AMD said in a note to customers on its website.
New York-based cybersecurity firm Trail of Bits told Reuters that it had verified the findings from CTS, which paid $16,000 for a review of the AMD vulnerabilities.
A Trail of Bits analyst spent a week reviewing detailed technical reports from CTS, along with “proof of concept” code that could be used to launch attacks on computers running vulnerable AMD chips, Trail of Bits Chief Executive Dan Guido told Reuters.
“These are real security issues in AMD code and processors” that hackers could exploit to manipulate or steal secure data, he said.
For the attacks to work, an attacker must first obtain administrator access to a targeted network, Guido said.
(Reporting by Jim Finkle in Toronto, Arjun Panchadar Additional reporting by Noel Randewich in New York, Saqib Ahmed in New York and Shariq Khan in Bengalure; Editing by Susan Thomas; Editing by Sai Sachin Ravikumar)