New TEE.fail Attack Breaks Trusted Environments to Exfiltrate Secrets from Intel and AMD DDR5 Environments

Source: Cyber Security News

Researchers from Georgia Tech, Purdue University, and van Schaik LLC introduced TEE.fail, a new attack methodology that relies on DDR5 memory bus interposition. The attack affects server implementations of Intel SGX and AMD SEV-SNP and extracts sensitive cryptographic keys from secure environments. Key extractions were demonstrated even under high security standards, revealing a critical flaw in current trusted execution designs that prioritize performance over security guarantees.

The attack targets weaknesses that stem from the deterministic AES-XTS memory encryption used in modern server-grade environments, in contrast to the robust integrity protections of earlier designs. The researchers used hobbyist equipment and showed that the attack can be carried out for under $1,000, which underlines the seriousness of the threat to current computing systems. The attack also has practical consequences: the researchers demonstrated the extraction of critical keys from production environments. TEE.fail represents a landmark moment in vulnerability research, highlighting the urgent need for enhanced security measures in trusted execution technologies.
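What "deterministic" memory encryption means for anyone who can see ciphertext on the bus, as an added example that is not code from the researchers or the original article. It assumes a 4-round HMAC-based Feistel construction as a stand-in for AES-XTS (only the tweak-equals-address property is modelled) and a hypothetical per-address write counter as the freshness mitigation; the key, addresses and values are constructed.

```python
import hashlib
import hmac

HALF = 8  # bytes; two halves form one 16-byte block, the AES block size

def _f(key, tweak, rnd, half):
    # Round function: keyed PRF over tweak, round number and one half block.
    return hmac.new(key, tweak + bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, tweak, pt):
    # Stand-in tweakable block cipher (4-round Feistel), NOT real AES-XTS.
    left, right = pt[:HALF], pt[HALF:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, tweak, rnd, right))
    return left + right

def decrypt_block(key, tweak, ct):
    left, right = ct[:HALF], ct[HALF:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, tweak, rnd, left)), left
    return left + right

def bus_trace(writes, key, fresh):
    # Ciphertexts visible on the memory bus for a list of (address, plaintext) writes.
    # fresh=False: tweak is the address only (deterministic, as the article describes).
    # fresh=True: tweak also carries a per-address write counter (assumed mitigation model).
    versions, trace = {}, []
    for addr, pt in writes:
        versions[addr] = versions.get(addr, 0) + 1
        tweak = addr.to_bytes(8, "little")
        if fresh:
            tweak += versions[addr].to_bytes(8, "little")
        trace.append((addr, encrypt_block(key, tweak, pt)))
    return trace

def repeated_ciphertexts(trace):
    # Each repeated (address, ciphertext) pair tells an observer that the same
    # plaintext was written to that address again, without any decryption.
    seen, repeats = set(), 0
    for item in trace:
        repeats += item in seen
        seen.add(item)
    return repeats

# Constructed sample: value A is written, overwritten by B, then A is restored.
KEY = b"constructed-demo-key"
A, B = b"secret-value-AAA", b"secret-value-BBB"
WRITES = [(0x1000, A), (0x1000, B), (0x1000, A), (0x2000, A)]
```

With the address-only tweak the restored value produces the same ciphertext as the first write; with the counter in the tweak every write is distinct, at the cost of storing and protecting that counter.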

👉 Read the original: Cyber Security News