Researchers contradict AMD claims that SEV keys can’t be extracted remotely
The researchers have already published PoC code to execute the attack
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Security researchers have overruled claims fromAMDthat recent findings concerning the chip giant’s security processes do not pose a real-world threat.
The Technische Universität (TU) Berlin’s Security in Telecommunications group recently published a research paper that demonstrated ameans to defeat AMD’s SEV mechanismin a voltage fault injection attack they refer to as a glitching attack.
AMDsaid the report, which described means to extract encryption keys from Secure Encrypted Virtualization (SEV)-enabled CPUs, had little real-world implication since it requires physical access to aserver.
Robert Buhren, one of the authors of the paper, contacted TechRadar Pro to dismiss AMD’s supposition, and instead claims that the attacker needs to have physical access to any arbitrary Epyc CPU, and not necessarily to the CPU that executes the targetedvirtual machines(VM).
“A malicious admin could buy the CPU somewhere and use the extracted keys on systems in the data-center. IMHO, this makes the attack much more dangerous as no physical tampering with machines in the data center is required,” Buhren told us.
Real world implications
Further explaining the real-world implications of their research, Buhren adds that the attack they describe enables attackers to use keys extracted from one AMD Epyc CPU to attack VMs running on any other AMD CPU as long as it is based on the same microarchitecture.
“In our paper we specifically describe an attack scenario that allows an attacker to decrypt a SEV protected VM’s memory without physical access to the system hosting the VM,” asserts Buhren.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Buhren further points to his team’s earlier research paper, in which they hadpublished proof-of-concept (PoC) code, which enabled a malicious administrator to mount the kind of attack that’s described in their current research.
The PoC shows how an attacker can use the keys from one AMD processor to extract a SEV-protected VM’s memory inside a data center.
He explains that their most recent glitching attack makes it possible to extract details from all three generations of Zen CPUs, in essence enabling the PoC to work on all AMD processors that support SEV.
Even more worryingly, Buhren claims that since the glitching attack isn’t a firmware issue, it’ll work regardless of whether AMD publishes updated firmware or not.
AMD hasn’t yet responded toTechRadar Pro’s email requesting for comment on Buhren’s assertions.
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
Cisco issues patch to fix serious flaw allowing possible industrial systems takeover
7 myths about email security everyone should stop believing
Another reason to avoid edge-lit 4K TVs: they may fail faster than others, according to this report
