New Battering RAM Vulnerability Threatens Intel and AMD Cloud Security


By Tina Reynolds


A newly disclosed vulnerability, Battering RAM, jeopardizes the security of cloud infrastructures powered by Intel and AMD processors. It was discovered by a team of researchers from KU Leuven and the University of Birmingham. Worse still, it allows attackers to circumvent the most recent mitigations that have been added to these processors. Researchers Jesse De Meulemeester, David Oswald, Ingrid Verbauwhede, and Jo Van Bulck have shown how Battering RAM can undermine cloud security.

Intel, AMD and Arm were notified of Battering RAM earlier this year. To date, these companies have publicly maintained that physical attacks are outside the scope of their products' threat model. The vulnerability compromises critical hardware security features, including Intel's Software Guard Extensions (SGX) and AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP).

Understanding Battering RAM

To be clear, Battering RAM is not just a theoretical issue; it has real-world consequences, and cloud service providers and their customers should take note. The vulnerability is thought to affect all variants of Intel and AMD processors, giving it a wide scope. The researchers developed a proof-of-concept (PoC) attack on AMD's Zen 5 machines, demonstrating how readily the vulnerability can be exploited once an adversary has physical access to the system.

At its core, Battering RAM introduces memory aliases dynamically at run time, which lets it bypass the boot-time alias checks that Intel and AMD have deployed. A malicious cloud infrastructure provider or insider can therefore use it to break remote attestation, which in turn could allow arbitrary backdoors to be inserted into sensitive workloads.

“Battering RAM exposes the fundamental limits of the scalable memory encryption designs currently used by Intel and AMD, which omit cryptographic freshness checks in favor of larger protected memory sizes.” – Researchers

Technical Implications and Attacks

The technical mechanics of Battering RAM are relatively simple: the attack uses an interposer that can be assembled for under $50 from off-the-shelf analog switches, which reroute signals between the processor and memory. Installed by the adversary before the system boots, the interposer stays transparent during startup and therefore passes the platform's boot-time trust checks.

Once the system is running, the interposer can be switched into its malicious mode with the flip of a switch. It then silently redirects accesses to protected physical addresses to locations under the attacker's control, allowing the attacker to read, tamper with, or replay encrypted memory. This is a critical security concern for businesses that rely on cloud-based services.
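The following Python model is an added illustration, not code from the researchers or from Intel's or AMD's actual designs, of why the missing freshness checks matter: when ciphertext depends only on the key and the physical address, a memory path that can substitute a stale copy of a protected block (the effect of redirecting an address to attacker-controlled memory) yields valid old plaintext, whereas a design that mixes in an on-chip version counter and a MAC rejects it. The keystream construction, key and addresses are constructed toy values.

```python
import hashlib
import hmac

KEY = b"\x01" * 32  # constructed demo key; real platforms derive keys in hardware

def keystream(addr, version=None):
    """Address-tweaked keystream; a version counter is mixed in only when freshness is tracked."""
    tweak = addr.to_bytes(8, "little")
    if version is not None:
        tweak += version.to_bytes(8, "little")
    return hashlib.sha256(KEY + tweak).digest()[:16]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class MemoryController:
    """fresh=False: ciphertext depends only on key and address (the scalable design).
    fresh=True: an on-chip version counter is mixed in and a MAC binds (addr, version, ct)."""
    def __init__(self, fresh):
        self.fresh, self.dram, self.versions = fresh, {}, {}

    def _tag(self, addr, v, ct):
        msg = addr.to_bytes(8, "little") + v.to_bytes(8, "little") + ct
        return hmac.new(KEY, msg, hashlib.sha256).digest()

    def write(self, addr, plaintext):
        v = self.versions.get(addr, 0) + 1 if self.fresh else None
        ct = xor(plaintext, keystream(addr, v))
        self.dram[addr] = (ct, self._tag(addr, v, ct) if self.fresh else b"")
        self.versions[addr] = v  # on-chip counter, beyond the memory path (None if untracked)

    def read(self, addr):
        ct, tag = self.dram[addr]
        v = self.versions.get(addr)
        if self.fresh and not hmac.compare_digest(tag, self._tag(addr, v, ct)):
            raise ValueError("replayed or tampered block")
        return xor(ct, keystream(addr, v))

def replay_demo(mem, addr=0x1000):
    """Snapshot a block, let the program overwrite it, then present the stale snapshot on the
    memory path (what redirecting the address to attacker-controlled memory achieves)."""
    mem.write(addr, b"balance=100.....")
    stale = mem.dram[addr]
    mem.write(addr, b"balance=000.....")
    mem.dram[addr] = stale
    try:
        return mem.read(addr)
    except ValueError:
        return None
```

Without freshness the CPU reads back the stale "balance=100" block as valid plaintext; with the counter and MAC the same substitution is detected and rejected.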

“We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during startup and passing all trust checks.” – Jesse De Meulemeester, David Oswald, Ingrid Verbauwhede, and Jo Van Bulck

The concerns extend beyond this single attack. When data is relocated within a cloud environment, the hardware decrypts it from its old location and re-encrypts it for the new one. Repeated relocations allow a malicious hypervisor to learn recurring patterns in the data, even though it remains encrypted. This is not merely an academic finding; it results in clear and demonstrable privacy violations.

“So when data is relocated, AMD’s hardware decrypts it from the old location and re-encrypts it for the new location. But what we found was that by doing this over and over again, a malicious hypervisor can learn recurring patterns from within the data, which could lead to privacy breaches.” – David Lie

Need for Redesign in Memory Encryption

Defending against a Battering RAM adversary is a daunting challenge. Experts suggest that addressing this vulnerability would require a complete redesign of memory encryption. Existing designs do not account for the aliasing that Battering RAM introduces, a blind spot that underscores the weakness of current protections.

Intel, AMD, and Arm's exclusion of physical attacks from their threat models understates the danger of vulnerabilities such as Battering RAM. As cloud computing continues to grow, mitigating such vulnerabilities will be vital to maintaining the integrity of data and the confidence of cloud customers.