Researchers from KU Leuven have developed a supply chain attack that allows them to bypass AMD and Intel’s confidential computing techniques.
With a simple device costing less than €50, researchers from KU Leuven and the University of Birmingham have succeeded in bypassing the most advanced security technologies from Intel and AMD. The hack, dubbed “Battering RAM”, exposes a fundamental vulnerability in the hardware of modern chips.
Confidential Computing
The attack targets confidential computing technologies from cloud providers. These offer hardware-level data protection. Examples include Intel Software Guard Extensions (SGX) and AMD Secure Encrypted Virtualization (SEV). Such systems are intended to ensure that cloud usage is secure, even when security requirements are very high. In theory, they ensure that even someone with access to a server cannot view the data and operations performed on that server.
The research now shows that these techniques are not infallible. The researchers built a low-cost memory interposer: a small circuit board placed between the processor and memory. By manipulating electrical signals, they were able to read out secured memory locations. The result is that sensitive data becomes accessible despite the existing security.
Intel and AMD
“Our attack demonstrates that even the most advanced confidential computing technologies remain vulnerable today when an attacker has limited physical access to the server’s motherboard,” says Professor Jo Van Bulck (DistriNet, Department of Computer Science). The attack works on both Intel and AMD systems.
The attack is not easy to execute and requires physical access to the server. That may sound drastic, but it does not make the problem irrelevant. SGX and SEV are precisely intended to offer guarantees against the most advanced threats. A supply chain attack, where an entity such as a nation-state infiltrates a supply chain to install a memory interposer, is not inconceivable.
Not the first time
These findings follow earlier research by the same team, including the BadRAM attack which exposed vulnerabilities in AMD processors in 2024. Although chip manufacturers have since made software adjustments, the underlying hardware architecture remains a problem.
The researchers warn that the vulnerability is difficult to remedy because it resides in the hardware itself. This means that attackers with access to the motherboard, for example via the supply chain or during maintenance in data centers, pose a risk of intercepting sensitive data without leaving a trace.
