Ethical Hacking News
Two independent research papers have revealed a critical vulnerability in the security protocols implemented by major cloud providers, including Intel's SGX (Software Guard Extensions) and AMD's SEV-SNP. The attacks, dubbed Battering RAM and Wiretap respectively, exploit deterministic encryption to bypass their security features, highlighting a growing concern for cloud security.
Battering RAM and Wiretap attacks exploit deterministic encryption in SGX and SEV-SNP systems, allowing attackers to bypass security features. The attacks use low-cost equipment, with the Battering RAM interposer costing under $50. Both attacks have significant implications for cloud security and can be used to bypass remote attestation. The Wiretap attack has been shown to work against SGX and SEV-SNP systems using DDR4 memory modules, but is less feasible with newer DDR5 protocols. Cryptographers believe that deterministic encryption is a weak point in these systems, requiring advancements in cryptography to strengthen their security.
In recent weeks, two independent research papers have shed light on a critical vulnerability in the security protocols implemented by major cloud providers, including Intel's SGX (Software Guard Extensions) and AMD's SEV-SNP. The attacks, dubbed Battering RAM and Wiretap respectively, exploit deterministic encryption used in these systems to bypass their security features.
The Battering RAM attack, published by De Meulemeester et al., involves the use of an interposer device that sits between CPU silicon and the memory module. This device can capture and replay ciphertexts, allowing attackers to decrypt encrypted data and even manipulate it at will. What makes this attack notable is its low cost; the interposer required for the attack can be purchased for less than $50.
Similarly, the Wiretap attack, also published by De Meulemeester et al., exploits deterministic encryption in a different manner. In this case, the attacker uses an interposer to capture and replay ciphertexts that are derived from a list of known plaintext words. This allows the attacker to decrypt sensitive data without being detected.
Both attacks have significant implications for cloud security, as they can be used to bypass the security features implemented by major cloud providers. The Wiretap attack, in particular, has been shown to work against SGX and SEV-SNP systems that use DDR4 memory modules. However, it is worth noting that the newer DDR5 memory module protocols make these attacks less feasible.
The Battering RAM attack has been shown to be effective against both Intel's SGX and AMD's SEV-SNP systems. The Wiretap attack has also been demonstrated to work against these systems, but only in conjunction with a list of known plaintext words.
One of the most significant implications of these attacks is that they can be used to bypass remote attestation, a critical security feature implemented by major cloud providers. Remote attestation allows cloud providers to verify the authenticity and integrity of VMs or other software running inside an enclave, without having access to the actual data itself. However, if an attacker is able to compromise the memory module, they can capture and replay ciphertexts, allowing them to bypass remote attestation.
The impact of these attacks cannot be overstated. As more and more sensitive data is stored in cloud-based services, it is essential that these systems are protected against attacks such as Battering RAM and Wiretap. The fact that these attacks can be carried out using low-cost equipment raises serious concerns about the security of cloud infrastructure.
The researchers behind these attacks have made it clear that they plan to continue exploring the limits of SGX and SEV-SNP systems. They believe that deterministic encryption is a weak point in these systems, and that it will take significant advancements in cryptography to strengthen their security.
In response to these attacks, many cloud providers are now re-examining their security protocols. Phala, a blockchain provider, has taken steps to mitigate the attacks by implementing additional security measures, such as encryption keys that can be shared among nodes without compromising security.
However, it is clear that more needs to be done to address the growing concern of Battering RAM and Wiretap attacks. As chipmakers replace deterministic encryption with stronger forms of protection, it will take time and significant resources to implement these new systems.
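Why determinism is the weak point, as an added example (not code from the researchers, Intel or AMD): a toy model of address-tweaked memory encryption in which identical writes yield identical ciphertext and a stale ciphertext put back in DRAM decrypts without error, next to a variant with a per-write counter and a MAC that rejects it. The Feistel cipher, class names, keys and sample values are constructed for illustration, and the counter-plus-MAC design is one generic way to add freshness, not a description of any vendor's fix.

```python
import hashlib, hmac

def feistel(key, tweak, block, rounds):
    # Toy 4-round Feistel on one 16-byte block: a stand-in for an
    # address-tweaked block cipher, not AES-XTS and not for real use.
    l, r = block[:8], block[8:]
    for i in rounds:
        f = hmac.new(key, bytes([i]) + tweak + r, hashlib.sha256).digest()[:8]
        l, r = r, bytes(a ^ b for a, b in zip(l, f))
    return r + l  # final swap: decryption is the same walk, rounds reversed

ENC, DEC = (0, 1, 2, 3), (3, 2, 1, 0)

class DeterministicMemory:               # tweak = address only
    def __init__(self, key):
        self.key, self.dram = key, {}    # dram models the untrusted DIMM
    def write(self, addr, pt):
        self.dram[addr] = feistel(self.key, addr.to_bytes(8, "big"), pt, ENC)
    def read(self, addr):
        return feistel(self.key, addr.to_bytes(8, "big"), self.dram[addr], DEC)

class FreshMemory(DeterministicMemory):  # adds trusted write counter + MAC
    def __init__(self, key, mac_key):
        super().__init__(key)
        self.mac_key, self.ctr = mac_key, {}   # ctr models on-die state
    def _tweak(self, addr):
        return addr.to_bytes(8, "big") + self.ctr[addr].to_bytes(8, "big")
    def _tag(self, addr, ct):
        return hmac.new(self.mac_key, self._tweak(addr) + ct, hashlib.sha256).digest()
    def write(self, addr, pt):
        self.ctr[addr] = self.ctr.get(addr, 0) + 1
        ct = feistel(self.key, self._tweak(addr), pt, ENC)
        self.dram[addr] = (ct, self._tag(addr, ct))
    def read(self, addr):
        ct, tag = self.dram[addr]
        if not hmac.compare_digest(tag, self._tag(addr, ct)):
            raise ValueError("stale or modified ciphertext")
        return feistel(self.key, self._tweak(addr), ct, DEC)

def replay_check(mem, addr=0x1000, old=b"balance=00000100", new=b"balance=00000000"):
    mem.write(addr, old)
    first = mem.dram[addr]               # ciphertext as seen on the memory bus
    mem.write(addr, old)
    repeats = mem.dram[addr] == first    # same data, same address: same bytes?
    mem.write(addr, new)
    mem.dram[addr] = first               # stale copy restored in untrusted DRAM
    try:
        return repeats, mem.read(addr) == old
    except ValueError:
        return repeats, False
```

`replay_check` returns a pair: whether repeated writes were distinguishable by ciphertext equality, and whether the stale ciphertext was accepted on read.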
In conclusion, the recent publication of the Battering RAM and Wiretap attacks highlights a critical vulnerability in the security protocols implemented by major cloud providers. These attacks have significant implications for cloud security, and it is essential that these systems are protected against such threats. As chipmakers continue to work on strengthening their encryption protocols, it will take time and resources to implement these new systems.
Published: Wed Oct 1 12:22:53 2025 by llama3.2 3B Q4_K_M