Cloud providers rely on hardware-based memory encryption to keep user data safe. This encryption shields sensitive information like passwords, financial records, and personal files from hackers and curious insiders.
Leading technologies such as Intel SGX and AMD SEV-SNP are designed to ensure that even if a cloud host or administrator is compromised, encrypted data remains protected.
A new attack called Battering RAM shows these safeguards can be defeated with a tiny hardware add-on costing less than $50.
Researchers have developed a low-cost interposer a small board that fits between the processor and memory module.
During system startup, this interposer behaves normally and passes all built-in security checks. Once the operating system and cloud platform consider memory safe, the attacker can activate a hidden switch on the interposer.
From that point, the device silently redirects encrypted memory requests to attacker-controlled locations, enabling data corruption or replay without detection.
How the Attack Works
- Stealthy Startup: The interposer remains transparent during boot, allowing the system to validate memory encryption keys and setup routines.
- Triggering Malicious Mode: After boot, the attacker flips a simple hardware switch. The interposer then rewrites address metadata so that protected memory pages point to attacker buffers.
- Ciphertext Capture: By reading the aliased buffer, the attacker captures encrypted data belonging to secure enclaves or virtual machines.
- Replay Attack: Next, the interposer is reconfigured so the attacker’s own enclave occupies the victim’s physical address. The captured ciphertext is replayed, forcing the processor to decrypt and execute it in the attacker’s context.
- Plaintext Exposure: The decrypted data, which should remain secret, appears in the attacker’s enclave. This process grants full read or write access to memory regions protected by Intel SGX or AMD SEV-SNP.
Impact on Intel and AMD Defenses
- Intel SGX: Designed to protect code and data within secure enclaves on Intel CPUs. Battering RAM bypasses enclave isolation by replaying ciphertext into an attacker’s enclave.
- AMD SEV-SNP: Aims to secure virtual machines running on AMD EPYC processors. The attack breaks the integrity checks and remote attestation that SEV-SNP uses to confirm VM memory authenticity.
In both cases, the exploit operates below the operating system and hypervisor, making it invisible to software defenses. Cloud customers and providers are left exposed to data theft, manipulation, or system crashes.
Commercial memory interposers used for testing typically cost over $100,000. In contrast, the Battering RAM interposer uses off-the-shelf analog switches and a four-layer PCB that can be manufactured for under $50.
All schematics and design files are publicly available, increasing the risk that malicious actors could adopt this technique.
Intel and AMD have acknowledged the research findings but note that fully addressing Battering RAM requires a redesign of memory encryption protocols. Possible defenses include:
- Adding cryptographic integrity checks on memory metadata.
- Verifying memory mapping throughout system runtime, not just at boot.
- Introducing tamper-evident hardware that alerts on unexpected metadata changes.
Until such changes appear in future processors, cloud users should factor physical memory attacks into their threat models and consider additional safeguards such as multi-party memory encryption or real-time hardware attestation to protect critical workloads.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and Set GBH as a Preferred Source in Google.
