- Researchers found that AMD’s Secure Encrypted Virtualization can be compromised using a simple $10 hardware setup.
- The attack poses significant risks for cloud service providers using AMD SEV technology.
What happened: BadRAM attack targets AMD’s SEV technology
Researchers have discovered that AMD‘s Secure Encrypted Virtualization (SEV) technology can be compromised using a simple $10 hardware setup. This vulnerability, known as the BadRAM attack, allows attackers to bypass memory access restrictions and potentially access sensitive information. The attack was developed by teams from KU Leuven, the University of Lübeck, and the University of Birmingham. They found that the SEV-SNP (Secure Nested Paging) enhancement, designed to protect against memory remapping attacks, is not as secure as intended. By exploiting the Serial Presence Detect (SPD) chip on memory modules, the researchers manipulated memory addresses to uncover hidden data. This method requires physical access to the hardware, making it applicable in scenarios like rogue administrator attacks. The vulnerability affects DDR4 and DDR5 memory modules, with some vendors leaving their SPD chips unlocked.
Also read: Microsoft expands Recall for AMD-based Copilot PCs
Also read: AMD to lay off 4% of employees globally for market adjustment
Why this is important
The implications of the BadRAM attack are significant for the cybersecurity landscape, particularly for cloud service providers that rely on AMD’s SEV technology. Major cloud platforms such as Amazon AWS, Google Cloud, and Microsoft Azure use SEV to protect virtual machine memory, making this vulnerability a critical concern. The research highlights the potential risks associated with memory aliasing, a technique that could allow attackers to insert undetectable backdoors into SEV-protected virtual machines. While Intel’s SGX and TDX have countermeasures against such attacks, AMD’s oversight raises questions about the security robustness of its products. As cyber threats evolve, understanding vulnerabilities like BadRAM becomes essential for businesses that depend on secure cloud environments. AMD is actively tracking this vulnerability and has advised users to utilise memory modules that lock SPD to enhance security. The forthcoming advisory and firmware updates aim to mitigate the risks associated with this newfound exploit, underscoring the urgent need for vigilance in safeguarding sensitive data.
