""We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during startup and passing all trust checks," researchers Jesse De Meulemeester, David Oswald, Ingrid Verbauwhede, and Jo Van Bulck said on a website publicizing the findings. "Later, with just a flip of a switch, our interposer turns malicious and silently redirects protected addresses to attacker-controlled locations, allowing corruption or replay of encrypted memory.""
"Battering RAM compromises Intel's Software Guard Extensions ( SGX) and AMD's Secure Encrypted Virtualization with Secure Nested Paging ( SEV-SNP) hardware security features, which ensure that customer data remains encrypted in memory and protected during use. It affects all systems using DDR4 memory, specifically those relying on confidential computing workloads running in public cloud environments to secure data from the cloud service provider using hardware-level access control and memory encryption."
Battering RAM uses a low-cost DDR4 interposer that sits between processor and memory to stealthily redirect physical addresses and manipulate encrypted memory traffic. The interposer uses simple analog switches to pass trust checks during startup and then, when activated, reroutes protected addresses to attacker-controlled locations, enabling corruption or replay of encrypted memory. The technique bypasses Intel SGX and AMD SEV-SNP memory protections and affects systems using DDR4 memory in public cloud confidential-computing workloads. On Intel it permits arbitrary plaintext reads and writes into enclaves; on AMD it can reintroduce backdoors and sidestep firmware mitigations. The interposer can be built for less than $50 and operates stealthily.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]