Intel and AMD Trusted Enclaves Vulnerable to Physical Attacks

Researchers have identified two new hardware-based attacks, Battering RAM and Wiretap, that exploit deterministic encryption and physical interposers to break Intel’s SGX and AMD’s SEV-SNP trusted enclaves. These vulnerabilities are particularly concerning for cloud service providers and companies reliant on secure data storage, as they undermine the foundational security of trusted execution environments (TEEs). The attacks were reported by Ars Technica, emphasizing their implications for major cloud providers that recommend the use of these protections for safeguarding sensitive data, such as that handled by messaging services like Signal and WhatsApp.

The Battering RAM attack enables attackers to not only view encrypted data but also manipulate it, potentially introducing software backdoors or corrupting data. In contrast, the Wiretap method allows passive decryption of SGX-protected data without leaving a trace. These findings build on a history of vulnerabilities that have been exposed in SGX and SEV-SNP, raising questions about the reliability of hardware-based security solutions in the cloud. The revelations highlight the persistent challenges faced in securing data in the cloud environment, even with advanced technologies designed to protect against cyber threats.
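The property the article points to, deterministic encryption of memory contents, is what makes both outcomes possible: a passive observer on the memory bus can see when the same value is written to the same address (the Wiretap-style leak), and, absent an integrity tag tied to trusted state, stale or altered ciphertext is accepted on read (the manipulation Battering RAM is credited with). The toy model below is an added illustration and is not code from the researchers, from Intel, or from AMD; it does not reproduce either real scheme. It stands in a block cipher with HMAC-SHA256 so it runs with the standard library only, the key, addresses and plaintexts are constructed values, and `AuthenticatedMemory` is a hypothetical design that keeps a per-address write counter outside DRAM and authenticates every line against it.

```python
"""Toy model of two memory-encryption designs (constructed for illustration,
not Intel's or AMD's actual scheme). HMAC-SHA256 stands in for a block cipher
so the example needs only the standard library."""
import hmac
import hashlib

BLOCK = 16                          # bytes per modelled cache line (constructed)
DEMO_KEY = b"constructed-demo-key"  # hypothetical key, never a real one


def _prf(key: bytes, *parts: bytes) -> bytes:
    """Keyed PRF standing in for a block cipher: HMAC-SHA256 over length-prefixed parts."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class DeterministicMemory:
    """Address-tweaked deterministic encryption with no integrity tag.
    Ciphertext depends only on (key, address, plaintext), and whatever bytes
    sit in DRAM decrypt without complaint."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.dram: dict[int, bytes] = {}

    def _keystream(self, address: int) -> bytes:
        return _prf(self.key, address.to_bytes(8, "little"))[:BLOCK]

    def write(self, address: int, plaintext: bytes) -> None:
        self.dram[address] = _xor(plaintext, self._keystream(address))

    def read(self, address: int) -> bytes:
        return _xor(self.dram[address], self._keystream(address))


class AuthenticatedMemory:
    """Hypothetical design: encryption bound to a per-address write counter kept
    on-die (outside DRAM), plus an integrity tag over address, counter and
    ciphertext. The counter is what makes a replayed line detectable."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.dram: dict[int, tuple[bytes, bytes]] = {}
        self.versions: dict[int, int] = {}  # trusted state, not stored in DRAM

    def _keystream(self, address: int, version: int) -> bytes:
        return _prf(self.key, b"enc", address.to_bytes(8, "little"),
                    version.to_bytes(8, "little"))[:BLOCK]

    def _tag(self, address: int, version: int, ct: bytes) -> bytes:
        return _prf(self.key, b"mac", address.to_bytes(8, "little"),
                    version.to_bytes(8, "little"), ct)[:16]

    def write(self, address: int, plaintext: bytes) -> None:
        version = self.versions.get(address, 0) + 1
        self.versions[address] = version
        ct = _xor(plaintext, self._keystream(address, version))
        self.dram[address] = (ct, self._tag(address, version, ct))

    def read(self, address: int) -> bytes:
        ct, tag = self.dram[address]
        version = self.versions[address]
        if not hmac.compare_digest(tag, self._tag(address, version, ct)):
            raise ValueError("integrity check failed")
        return _xor(ct, self._keystream(address, version))


def ciphertext_repeats(mem_cls) -> bool:
    """Write the same plaintext to the same address twice and compare what lands
    in DRAM. True means a bus observer can tell the value did not change."""
    mem = mem_cls(DEMO_KEY)
    mem.write(0x1000, b"A" * BLOCK)
    first = mem.dram[0x1000]
    mem.write(0x1000, b"A" * BLOCK)
    return first == mem.dram[0x1000]


def rollback_detected(mem_cls) -> bool:
    """Snapshot a line's DRAM bytes, overwrite the line, restore the snapshot
    (modelling DRAM contents being replaced), then read. True means the stale
    line was rejected rather than silently decrypted."""
    mem = mem_cls(DEMO_KEY)
    mem.write(0x2000, b"old-balance=100!")   # 16 bytes, constructed
    stale = mem.dram[0x2000]
    mem.write(0x2000, b"new-balance=000!")   # 16 bytes, constructed
    mem.dram[0x2000] = stale
    try:
        mem.read(0x2000)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for cls in (DeterministicMemory, AuthenticatedMemory):
        print(f"{cls.__name__}: repeats={ciphertext_repeats(cls)} "
              f"rollback_detected={rollback_detected(cls)}")
```

Run it and the deterministic model reports `repeats=True rollback_detected=False`, while the counter-bound model reports the opposite. The takeaway for anyone evaluating a TEE deployment is that confidentiality of memory contents is only half of the guarantee: without freshness and integrity anchored in state the memory bus cannot reach, an interposer that can record and replay lines can undo writes the enclave believes it made, which is why the article's "manipulate it" finding matters as much as the passive decryption one.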

Major cloud providers have long advocated for the use of Intel’s SGX and AMD’s SEV-SNP to secure sensitive operations and data. However, these latest attacks underscore the limitations of such measures and the need for continued research into alternative security mechanisms. The research community’s ability to consistently uncover vulnerabilities in these systems may drive the development of more robust security frameworks, although it also casts doubt on the current state of security in cloud computing.