Intel and AMD Chip Security Falls to Low-Cost Physical Attacks Exploiting Memory Encryption Flaws


Source: Intel and AMD trusted enclaves, the backbone of network security, fall to physical attacks


Intel and AMD’s secure enclaves, relied upon by cloud providers to protect sensitive data, have been compromised by new physical attacks targeting memory encryption techniques. These findings raise significant concerns for projects depending on Trusted Execution Environments (TEEs) such as Intel SGX and AMD SEV-SNP.


What Are TEEs and Why They Matter

  • TEEs create encrypted enclaves within processors designed to prevent software or OS-level access to sensitive data.
  • Intel SGX and AMD SEV-SNP encrypt memory contents using deterministic encryption, meaning identical data in the same memory location always encrypts to the same ciphertext.
  • This feature is critical to many cloud services, including some blockchain platforms that trust TEEs for confidential smart contract execution.

The Two New Attacks: Battering RAM and Wiretap

Researchers independently published two physical attack techniques that exploit deterministic encryption and a simple interposer device placed between the CPU and memory chips:

1. Battering RAM

  • Uses a custom analog switch interposer costing under $50.
  • Creates “memory aliases” to capture and replay encrypted memory blocks, tricking the system into decrypting or manipulating stale data.
  • Works against both Intel SGX and AMD SEV-SNP on DDR4 memory.
  • Allows active attacks: read and tamper with encrypted data, inject backdoors, or corrupt memory.
  • Can compromise SGX’s attestation key or trick SEV-SNP into accepting compromised VMs with valid certifications.

2. Wiretap

  • Employs a more expensive ($500–$1,000) interposer with a logic analyzer.
  • Only passively decrypts SGX-protected data on DDR4 (AMD support possible with extra work).
  • Builds a dictionary of known ciphertext-to-plaintext mappings to progressively recover sensitive attestation keys.
  • Enables attackers to impersonate genuine, secure enclaves during remote attestation.

Why Deterministic Encryption Is the Weak Point

  • Deterministic encryption encrypts identical plaintext and address pairs into the same ciphertext, allowing attackers to observe, replay, or map encrypted data predictably.
  • It was chosen by Intel and AMD to scale encryption across large memory ranges with reduced overhead.
  • However, this trade-off leaves TEEs vulnerable to physical attacks leveraging predictable ciphertext patterns.
  • Researchers agree hardware design changes are likely the only fix, by adding integrity and freshness guarantees or moving to probabilistic encryption.
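
A toy model of the trade-off described above, added here as an illustration and not taken from the researchers' or the chipmakers' code. The Feistel cipher built from HMAC-SHA256, the `Memory` class, and the key, address and values are constructed stand-ins for the real memory encryption engines; `fresh=True` adds the write counter and MAC that stand for the integrity and freshness guarantees mentioned in the last bullet.

```python
import hmac, hashlib

def _prf(key, *parts):  # HMAC-SHA256 truncated to 8 bytes; every field is fixed-size
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, tweak, block):  # toy 4-round Feistel on one 16-byte block
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _prf(key, bytes([rnd]), tweak, r))
    return l + r

def decrypt_block(key, tweak, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _prf(key, bytes([rnd]), tweak, l)), l
    return l + r

class Memory:  # fresh=False: the tweak is the address only, as the article describes
    def __init__(self, key, fresh):
        self.key, self.fresh, self.dram, self.ctr = key, fresh, {}, {}
    def _tweak(self, addr):  # fresh=True mixes in a write counter held in trusted state
        return addr.to_bytes(8, "big") + (self.ctr[addr] if self.fresh else 0).to_bytes(8, "big")
    def _tag(self, addr, ct):  # MAC binds the ciphertext to its address and counter
        return _prf(self.key, b"mac", self._tweak(addr), ct) if self.fresh else b""
    def write(self, addr, block):
        self.ctr[addr] = self.ctr.get(addr, 0) + 1
        ct = encrypt_block(self.key, self._tweak(addr), block)
        self.dram[addr] = (ct, self._tag(addr, ct))  # dram: what the memory bus carries
    def read(self, addr):
        ct, tag = self.dram[addr]
        if not hmac.compare_digest(tag, self._tag(addr, ct)):
            raise ValueError("integrity/freshness check failed")
        return decrypt_block(self.key, self._tweak(addr), ct)

def demo(fresh):
    mem, addr = Memory(b"k" * 32, fresh), 0x1000  # constructed key and address
    old, new = b"balance=00001000", b"balance=00000000"  # constructed 16-byte values
    mem.write(addr, old)
    snapshot = mem.dram[addr]  # earlier ciphertext as it appeared on the bus
    mem.write(addr, old)
    repeats = mem.dram[addr] == snapshot  # same value, same address: same bytes?
    mem.write(addr, new)
    mem.dram[addr] = snapshot  # stale block restored outside the CPU's control
    try:
        return repeats, mem.read(addr)
    except ValueError as err:
        return repeats, str(err)
```

`demo(False)` returns `(True, b"balance=00001000")`: the repeated write is visible as identical ciphertext and the stale block decrypts without complaint. `demo(True)` returns `(False, "integrity/freshness check failed")`.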

Real-World Impact: Blockchain and Cloud Providers

  • Blockchain projects like Phala, Secret Network, Crust, and IntegriTEE rely on TEEs for confidential smart contracts and state updates.
  • Wiretap demonstrated how an attacker with the attestation key can decrypt cluster keys, breaking the privacy guarantees of such services.
  • Despite warnings from chipmakers that TEEs are not designed to resist physical attacks, many cloud providers still rely heavily on their assurances.
  • Neither attack works on DDR5 memory or Intel’s newer TDX technology, which deploys more secure encryption protocols.

Final Thoughts

  • Attacks like Battering RAM and Wiretap expose fundamental limitations in current TEE designs.
  • Physical compromise at the hardware level, such as supply chain attacks or datacenter tampering, can break enclave security.
  • Until AMD and Intel adopt encryption methods that provide integrity and freshness guarantees, TEE-based confidentiality cannot be fully trusted against physical attackers.
  • Projects and developers should reevaluate their threat models, especially when handling highly sensitive data in remote environments.