
Intel and AMD Trusted Enclaves, a Foundation For Network Security, Fall To Physical Attacks (arstechnica.com)

(Wednesday October 01, 2025 @11:30PM (BeauHD) from the inadequate-protections dept.)


Researchers have unveiled two new hardware-based attacks, Battering RAM and Wiretap, that [1]break Intel SGX and AMD SEV-SNP trusted enclaves by placing a cheap physical interposer on the memory bus and exploiting the deterministic memory encryption both designs rely on (Battering RAM defeats both, Wiretap targets SGX). Ars Technica reports:

> In the age of cloud computing, protections baked into chips from Intel, AMD, and others are essential for ensuring confidential data and sensitive operations can't be viewed or manipulated by attackers who manage to compromise servers running inside a data center. In many cases, these protections -- which work by storing certain data and processes inside encrypted enclaves known as TEEs ([2]Trusted Execution Enclaves) -- are essential for safeguarding secrets stored in the cloud by the likes of Signal Messenger and WhatsApp. All major cloud providers recommend that customers use it. Intel calls its protection SGX, and AMD has named it SEV-SNP.

>

> Over the years, researchers have repeatedly broken the security and privacy promises that Intel and AMD have made about their respective protections. On Tuesday, researchers independently published two papers laying out separate attacks that further demonstrate the limitations of SGX and SEV-SNP. One attack, dubbed [3]Battering RAM, defeats both protections and allows attackers to not only view encrypted data but also to actively manipulate it to introduce software backdoors or to corrupt data. A separate attack known as [4]Wiretap is able to passively decrypt sensitive data protected by SGX and remain invisible at all times.
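What "deterministic encryption" buys an attacker sitting on the memory bus, as an added example that is not part of the Ars article or of either research paper: a toy address-tweaked encryption engine (a 4-round Feistel network over HMAC-SHA256 standing in for AES-XTS, so it needs only the Python standard library; the key, addresses and line contents are constructed here) with a logging interposer in front of it. Because the ciphertext of a line depends only on the key, the physical address and the plaintext, a purely passive observer learns when the same value is written back to the same address, and an active one can put an earlier ciphertext back on the bus and have it decrypt cleanly. The second engine adds an on-chip version counter and a MAC, the kind of freshness protection that catches the replay; both engines are simplified sketches, not descriptions of either vendor's hardware, and the replay is the simplest active manipulation such a design permits rather than a reproduction of the Battering RAM technique.

```python
import hashlib
import hmac

# Toy model of a deterministic, address-tweaked memory encryption engine.
# It stands in for AES-XTS-style engines; the cipher is a 4-round Feistel
# network built from HMAC-SHA256 so the script has no dependencies.
LINE = 16                               # bytes per encrypted memory line
ROUNDS = 4
KEY = b"toy-memory-encryption-key"      # constructed example key


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, addr, r, half):
    msg = addr.to_bytes(8, "little") + bytes([r]) + half
    return hmac.new(key, msg, hashlib.sha256).digest()[: LINE // 2]


def tweakable_prp(key, addr, block, decrypt=False):
    """Deterministic permutation of one line, tweaked by its physical address.
    Same key, same address, same plaintext always gives the same ciphertext."""
    assert len(block) == LINE
    L, R = block[: LINE // 2], block[LINE // 2:]
    for r in (reversed(range(ROUNDS)) if decrypt else range(ROUNDS)):
        if decrypt:
            L, R = _xor(R, _round(key, addr, r, L)), L
        else:
            L, R = R, _xor(L, _round(key, addr, r, R))
    return L + R


class InterposedDram:
    """DRAM with a bus interposer in front of it: it logs every ciphertext
    that crosses the memory bus and can overwrite a cell with an old one."""
    def __init__(self):
        self.cells = {}
        self.log = []                   # (addr, ciphertext) in bus order

    def write(self, addr, ct):
        self.cells[addr] = ct
        self.log.append((addr, ct))

    def read(self, addr):
        return self.cells[addr]


class DeterministicEngine:
    """Encryption only: no MAC and no freshness counter (the weak design)."""
    def __init__(self, key, dram):
        self.key, self.dram = key, dram

    def write(self, addr, pt):
        self.dram.write(addr, tweakable_prp(self.key, addr, pt))

    def read(self, addr):
        return tweakable_prp(self.key, addr, self.dram.read(addr), decrypt=True)


class FreshnessEngine(DeterministicEngine):
    """Same cipher plus an on-die version counter and a MAC bound to it
    (a real design would use a separate MAC key and a counter tree)."""
    def __init__(self, key, dram):
        super().__init__(key, dram)
        self.version = {}               # lives on-chip, never on the bus

    def _tag(self, addr, v, ct):
        msg = addr.to_bytes(8, "little") + v.to_bytes(8, "little") + ct
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:8]

    def write(self, addr, pt):
        ct = tweakable_prp(self.key, addr, pt)
        v = self.version[addr] = self.version.get(addr, 0) + 1
        self.dram.write(addr, ct + self._tag(addr, v, ct))

    def read(self, addr):
        stored = self.dram.read(addr)
        ct, tag = stored[:LINE], stored[LINE:]
        if not hmac.compare_digest(tag, self._tag(addr, self.version[addr], ct)):
            raise ValueError("integrity/freshness violation at %#x" % addr)
        return tweakable_prp(self.key, addr, ct, decrypt=True)


def passive_equality_leak():
    """Passive observer: without the key, the interposer learns that writes
    1 and 3 carried the same plaintext and write 2 did not."""
    dram = InterposedDram()
    enclave = DeterministicEngine(KEY, dram)
    addr = 0x1000
    enclave.write(addr, b"enclave-secret!!")   # constructed line contents
    enclave.write(addr, b"something else..")
    enclave.write(addr, b"enclave-secret!!")
    cts = [ct for a, ct in dram.log if a == addr]
    return cts[0] == cts[2] and cts[0] != cts[1]


def replay_stale_value(engine_cls):
    """Active step: snapshot a line, let the enclave overwrite it, then put
    the old ciphertext back. Returns what the enclave reads, or the error."""
    dram = InterposedDram()
    enclave = engine_cls(KEY, dram)
    addr = 0x2000
    enclave.write(addr, b"balance=00001000")
    stale = dram.cells[addr]                   # interposer snapshots the line
    enclave.write(addr, b"balance=00000000")   # enclave debits the account
    dram.cells[addr] = stale                   # interposer rolls it back
    try:
        return enclave.read(addr)
    except ValueError as e:
        return str(e)


if __name__ == "__main__":
    print("equality leaked:", passive_equality_leak())
    print("no freshness  :", replay_stale_value(DeterministicEngine))
    print("with freshness:", replay_stale_value(FreshnessEngine))
```

Run it and the first engine hands the rolled-back "balance=00001000" line straight to the enclave with no error, while the second rejects it because the on-chip version counter no longer matches the tag that was stored with the old ciphertext. The passive leak needs no key material at all, which is why an interposer that only listens can remain invisible to the host.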



[1] https://arstechnica.com/security/2025/09/intel-and-amd-trusted-enclaves-the-backbone-of-network-security-fall-to-physical-attacks/

[2] https://duckduckgo.com/?q=what+is+tee+sgx&t=vivaldi&atb=v481-1&ia=web

[3] https://batteringram.eu/

[4] https://wiretap.fail/



Hardware vulnerable to physical attacks (Score:2)

by BoogieChile ( 517082 )

World reels in shock and amazement. More at 11.

Xbox hardware security (Score:1)

by davidwr ( 791652 )

[1]Guarding Against Physical Attacks: The Xbox One Story was written in 2019.

I don't know if the Xbox has been compromised since then, but if it has been, it wasn't easy.

[1] https://www.platformsecuritysummit.com/2019/speaker/chen/

Re: (Score:2)

by ctilsie242 ( 4841247 )

The XBox is impressive, but it uses a physical ring of defenses. CPU makers don't have that much room.

At most, they can put a capsule of a potent acid, so decapping causes it to physically dissolve the secure area.

Instead, maybe some work should be done on PUFs. This way, the chip doesn't have to contain any secure data. It just uses its unclonable encrypt/decrypt operation to deal with stuff. A name:value lookup for passwords could be infinite because it wouldn't need to be stored in an enclave.

The good part of this: (Score:2)

by Gravis Zero ( 934156 )

This will actually make it easier for security companies to analyze malware that uses SGX and SEV.

Frankly, I find these to be misfeatures as the people who actually want these are slinging DRM.

If an attacker has physical access to my DIMMS (Score:1)

by apparently ( 756613 )

I have bigger problems.

Re: (Score:2)

by 93 Escort Wagon ( 326346 )

Right, for most of us this probably isn't particularly relevant. But, if you're employed by a cloud vendor possessing contracts with a national government... then maybe you do need to think about this.

Battering RAM (Score:2)

by fahrbot-bot ( 874524 )

Dredge in flour, then beaten eggs, then dried bread crumbs, preferably Panko. Deep-fry until golden brown.
