Red Hot Cyber


With 50 dollars and physical access to the server, the Cloud goes to hell

Redazione RHC : 1 October 2025 12:10

A team of researchers has developed a simple hardware tool that challenges the fundamental principles of trusted computing in modern cloud environments.

Using a device costing less than $50, they were able to bypass the hardware protections of Intel Scalable SGX and AMD SEV-SNP, the technologies that implement Trusted Execution Environments (TEEs) on those platforms.

These technologies are the foundation of the confidential computing offered by the major cloud providers. They are meant to protect data in memory both from privileged software (a malicious OS or hypervisor) and from physical access, including cold-boot attacks and snooping on the memory bus.

The device is a DDR4 interposer inserted between the processor and the memory module. It manipulates the address lines and creates memory aliases (two physical addresses that land in the same DRAM cell) dynamically, so that the platform's built-in checks do not detect them. Unlike static attacks based on rewriting a DIMM's SPD (serial presence detect) chip, which Intel and AMD have already addressed in updated firmware, the interposer can stay transparent while the firmware runs its alias checks at boot and then switch the aliasing on at runtime. This turns a class of hardware attack that used to require equipment costing hundreds of thousands of dollars into a method that needs minimal investment and basic engineering skills.

On Intel Scalable SGX systems, the researchers showed for the first time that, because a single key is used across the entire memory range, an attacker can read and write arbitrary data inside protected enclaves. They also experimentally extracted the platform key on which the remote attestation mechanism rests. This breaks the trust model completely: an attacker can produce forged attestations without access to the real hardware, defeating the integrity verification that cloud services rely on.

In the case of AMD SEV-SNP, the researchers bypassed the new ALIAS_CHECK mechanism introduced to defend against BadRAM-style attacks. Their method let them reproduce attack scenarios that the mitigation was supposed to rule out, including ciphertext block replacement and replay. The attack lets them create rogue virtual machines that pass remote attestation as legitimate, effectively destroying the chain of trust in the SEV ecosystem.
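The two points above (a boot-time alias check that a dynamic interposer defeats, and what deterministic, unauthenticated memory encryption lets an attacker do through an alias) are easier to see in a toy model. The following Python is an added illustration written for this article; it is not the researchers' code, and it models none of the real cipher constructions. It assumes a hypothetical forced address line (ALIAS_BIT), hypothetical block addresses, a SHA-256 keystream as a stand-in for the memory encryption engine, and an address_tweak flag that stands in, in simplified form, for the difference between a per-address tweak and one key used identically across the whole range.

```python
# Toy model, constructed for this article (not the researchers' code), of a
# dynamic address-line interposer, a boot-time alias check that it defeats,
# and what deterministic memory encryption without integrity lets an
# attacker do through the resulting alias.
import hashlib

BLOCK = 16          # one memory block of 16 bytes in this toy
ALIAS_BIT = 20      # hypothetical address line the interposer can force low


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Dram:
    """Plain DRAM: block address -> 16 bytes of whatever the bus delivered."""
    def __init__(self):
        self.cells = {}

    def read(self, addr):
        return self.cells.get(addr, bytes(BLOCK))

    def write(self, addr, data):
        self.cells[addr] = bytes(data)


class Interposer:
    """Sits on the address lines between controller and DIMM. When enabled it
    forces one address bit to 0, so addr and addr|(1<<bit) share a DRAM cell
    (an alias). Disabled, it is transparent, which is how it survives boot."""
    def __init__(self, dram, bit):
        self.dram, self.bit, self.enabled = dram, bit, False

    def _map(self, addr):
        return addr & ~(1 << self.bit) if self.enabled else addr

    def read(self, addr):
        return self.dram.read(self._map(addr))

    def write(self, addr, data):
        self.dram.write(self._map(addr), data)


class MemoryController:
    """Deterministic encryption with no integrity (stand-in for the real engines):
    keystream = SHA256(key || tweak)[:16]; tweak is the address when
    address_tweak is True, otherwise a constant (one key, no per-address tweak)."""
    def __init__(self, bus, key, address_tweak):
        self.bus, self.key, self.address_tweak = bus, key, address_tweak

    def _pad(self, addr):
        tweak = addr if self.address_tweak else 0
        return hashlib.sha256(self.key + tweak.to_bytes(8, "little")).digest()[:BLOCK]

    def read(self, addr):
        return xor(self.bus.read(addr), self._pad(addr))

    def write(self, addr, plaintext):
        self.bus.write(addr, xor(plaintext, self._pad(addr)))


def alias_check(mem, bit, probe=0x1000):
    """Firmware-style check: write distinct patterns to A and A|bit and verify
    that both survive. It can only catch an alias that exists while it runs."""
    a, b = probe, probe | (1 << bit)
    mem.write(a, b"A" * BLOCK)
    mem.write(b, b"B" * BLOCK)
    return mem.read(a) == b"A" * BLOCK and mem.read(b) == b"B" * BLOCK


def run(address_tweak):
    dram = Dram()
    ip = Interposer(dram, ALIAS_BIT)
    mc = MemoryController(ip, key=b"platform-key", address_tweak=address_tweak)

    boot_passed = alias_check(mc, ALIAS_BIT)     # interposer transparent at boot
    ip.enabled = True                             # attacker flips it afterwards
    runtime_passed = alias_check(mc, ALIAS_BIT)   # same check would now fail

    victim = 0x4000                               # protected block (hypothetical)
    attacker = victim | (1 << ALIAS_BIT)          # attacker's alias of that cell

    # Replay: snapshot the block through the alias, let the victim update it,
    # then write the snapshot back. Reading and writing through the same alias
    # address cancels the keystream, so this works with or without an address
    # tweak; only an integrity check (absent here) would stop it.
    mc.write(victim, b"counter=1".ljust(BLOCK, b"\0"))
    snapshot = mc.read(attacker)
    mc.write(victim, b"counter=2".ljust(BLOCK, b"\0"))
    mc.write(attacker, snapshot)
    replayed = mc.read(victim).rstrip(b"\0")

    # Plaintext read: succeeds only when the keystream does not depend on the
    # address, i.e. the "single key across the whole range" case.
    mc.write(victim, b"secret".ljust(BLOCK, b"\0"))
    leaked = mc.read(attacker).rstrip(b"\0")
    return {"boot_check": boot_passed, "runtime_check": runtime_passed,
            "replayed": replayed, "leaked": leaked}


if __name__ == "__main__":
    for tweak in (True, False):
        print("address_tweak =", tweak, run(tweak))
```

Running it shows the boot check passing and the identical runtime check failing, the replay restoring the stale "counter=1" block in both configurations, and the plaintext leak succeeding only without an address tweak. The model deliberately omits any integrity tag; adding one is what turns the replay into a detected fault, which is the direction the researchers point to in their closing remarks.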

The device is built from readily available components: a printed circuit board, a Raspberry Pi Pico 2 microcontroller, and a pair of analog switches. The whole project cost less than $50, far below the price of a professional DDR4 analyzer. The attacks are also deterministic and fast, needing neither expensive equipment nor special conditions.

The study showed that even platforms running the latest Intel and AMD firmware are vulnerable to simple physical attacks if an adversary gains temporary access to the server. That adversary could be a cloud provider employee, an actor in the supply chain, or even law enforcement with access to the equipment. The authors stress that such threats cannot be dismissed, since hardware-based memory encryption was introduced precisely to counter them.

The researchers disclosed the details to Intel in January 2025 and to AMD in February. Both companies acknowledged the findings but stated that physical attacks fall outside their threat models. Arm, after being notified that the method may also apply to its CCA architecture, likewise stated that physical access is not covered by its security guarantees. Once the embargo lifted, the project, including the source code and the interposer firmware, was released publicly on GitHub.

The authors point out that the move to scalable TEEs came with weaker cryptographic guarantees, traded away for performance and support for the full memory range. A design previously considered secure has proven vulnerable to low-cost hardware attacks. In their view, security can only be restored by returning to stronger cryptographic protections (with integrity and replay protection) or by moving to memory integrated into the package, where the bus cannot be physically reached.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
