

Ethical Hacking News

New Side-Channel Attack Exposes Intel and AMD's Hardware Security Vulnerabilities



A recent side-channel attack has exposed vulnerabilities in Intel and AMD's hardware security systems, allowing attackers to extract secrets from the trusted execution environment (TEE). The TEE.Fail attack has significant implications for data protection and encryption, and researchers are urging caution as this vulnerability is yet to be seen in action.

  • A group of researchers from Georgia Tech, Purdue University, and Synkhronos have developed a side-channel attack called TEE.Fail that can extract secrets from Intel's and AMD's hardware security features.
  • The attack targets the trusted execution environment (TEE) in computer processors and exploits the deterministic memory-encryption mode (AES-XTS) these TEEs rely on, which lets an observer of the memory bus bypass their protections.
  • The researchers used an interposition device costing under $1,000 to physically inspect memory traffic inside a DDR5 server, exposing vulnerabilities in Intel's SGX and AMD's SEV-SNP.
  • The attack poses significant risks to confidential virtual machines (CVMs) and can be used to steal attestation keys and private signing keys from OpenSSL's ECDSA implementation.
  • Both Intel and AMD have stated that they do not intend to provide mitigations for physical vector attacks, highlighting the need for software countermeasures to mitigate risks.



    The cybersecurity landscape has witnessed another significant hardware security disclosure, this time affecting two major players: Intel and AMD. A group of academic researchers from Georgia Tech, Purdue University, and Synkhronos have successfully developed a side-channel attack called TEE.Fail that enables the extraction of secrets from the trusted execution environment (TEE) in a computer's main processor.

    This groundbreaking study has exposed the vulnerabilities of Intel's Software Guard Extensions (SGX) and Trust Domain Extensions (TDX), as well as AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) and Ciphertext Hiding. The researchers used an interposition device built using off-the-shelf electronic equipment that costs under $1,000 to physically inspect all memory traffic inside a DDR5 server.

    The attack, at its core, relies on the TEEs' use of deterministic encryption modes like AES-XTS, in which the same plaintext written to the same physical address always produces the same ciphertext. The researchers deem this mode insufficient to prevent physical memory interposition attacks. As a result, a bad actor could leverage this custom equipment to record the memory traffic flowing between the processor and DRAM, thereby opening the door to a side-channel attack.
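
    To make the deterministic-encryption point concrete, here is an added example (not code from the researchers or from this article) that implements single-block XTS-AES in Go on top of the standard library, with a sector number standing in for a physical address; the keys and plaintext are constructed. It shows that, with no nonce in the mode, a rewrite of the same value to the same address is recognisable on the bus from ciphertext alone, which is the property the researchers rely on.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// XTSEncryptBlock encrypts one 16-byte block with XTS-AES; sector stands in for the
// physical address. The tweak depends only on the address and key2, and there is no
// nonce or counter, so the output is a deterministic function of (key, address, plaintext).
// Multi-block XTS additionally steps the tweak by alpha in GF(2^128); one block suffices here.
func XTSEncryptBlock(key1, key2 []byte, sector uint64, block []byte) ([]byte, error) {
	if len(block) != aes.BlockSize {
		return nil, fmt.Errorf("block must be %d bytes, got %d", aes.BlockSize, len(block))
	}
	dataCipher, err := aes.NewCipher(key1)
	if err != nil {
		return nil, err
	}
	tweakCipher, err := aes.NewCipher(key2)
	if err != nil {
		return nil, err
	}
	tweak := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(tweak, sector)
	tweakCipher.Encrypt(tweak, tweak) // T = AES_key2(sector)
	out := make([]byte, aes.BlockSize)
	for j := range out {
		out[j] = block[j] ^ tweak[j] // pre-whiten: P xor T
	}
	dataCipher.Encrypt(out, out) // AES_key1(P xor T)
	for j := range out {
		out[j] ^= tweak[j] // post-whiten: C = AES_key1(P xor T) xor T
	}
	return out, nil
}

func main() {
	k1, k2 := bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0x22}, 16) // constructed keys
	p := []byte("sixteen byte blk")                                            // constructed value
	a, _ := XTSEncryptBlock(k1, k2, 42, p)
	b, _ := XTSEncryptBlock(k1, k2, 42, p) // value rewritten unchanged at the same address
	c, _ := XTSEncryptBlock(k1, k2, 43, p) // same value at a neighbouring address
	// A bus observer without any key can compare ciphertexts directly.
	fmt.Println("repeat at same address visible:", bytes.Equal(a, b))
	fmt.Println("same value at other address linkable:", bytes.Equal(a, c))
}
```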

    This type of attack poses significant risks to confidential virtual machines (CVMs), including the ECDSA attestation keys of Intel's Provisioning Certification Enclave (PCE). The researchers emphasized that attestation is the mechanism used to prove that data and code are actually executed in a CVM. With this side-channel attack, however, an attacker holding an extracted attestation key can make data and code appear to be running inside a CVM when they are not.

    Furthermore, the study revealed that SEV-SNP with Ciphertext Hiding neither addresses issues with deterministic encryption nor prevents physical bus interposition. As a result, the attackers were able to extract private signing keys from OpenSSL's ECDSA implementation.

    While there is no concrete evidence yet that this attack has been put into action in the wild, the researchers have issued a warning about the risks and potential consequences of using deterministic encryption modes like AES-XTS.

    In response to the disclosure, AMD stated that they do not intend to provide mitigations for physical vector attacks. Intel also echoed this sentiment, stating that TEE.Fail does not change their previous stance on these types of physical attacks.

    To mitigate the risks arising from this attack, software countermeasures will be essential. However, implementing these measures could come at a significant cost.

    In conclusion, this new side-channel attack highlights the importance of addressing hardware security vulnerabilities. As technology advances and becomes increasingly complex, it is crucial that researchers continue to identify potential weaknesses in our current systems and work towards finding solutions to protect against them.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/New-Side-Channel-Attack-Exposes-Intel-and-AMDs-Hardware-Security-Vulnerabilities-ehn.shtml

  • https://thehackernews.com/2025/10/new-teefail-side-channel-attack.html

  • https://www.bleepingcomputer.com/news/security/teefail-attack-breaks-confidential-computing-on-intel-amd-nvidia-cpus/


  • Published: Tue Oct 28 15:18:27 2025 by llama3.2 3B Q4_K_M