Attribute | Details |
---|---|
Threat Actors | Potential attackers requiring physical access; remote attackers exploiting unlocked SPD chips |
Campaign Overview | Exploitation of a vulnerability in AMD’s Secure Encrypted Virtualisation (SEV) memory protection, enabling access to encrypted cloud data for as little as $10 in equipment |
Target Regions | Cloud computing environments globally, including providers like AWS, Google, Microsoft, and IBM |
Methodology | Manipulation of the Serial Presence Detect (SPD) chip on RAM modules to trick processors into accessing encrypted memory |
Product Targeted | AMD processors using SEV protection; potentially other manufacturers not locking SPD chips |
Malware Reference | None explicitly mentioned |
Tools Used | Off-the-shelf hardware costing less than $10 to modify SPD chips |
Vulnerabilities Exploited | Bypassing SEV protections through “aliasing,” creating multiple CPU addresses for the same memory location |
TTPs | Physical tampering with hardware, aliasing to bypass memory protections, and exploiting unlocked SPD chips |
Attribution | Vulnerability discovered by researchers from KU Leuven, University of Luebeck, and University of Birmingham |
Recommendations | Apply AMD firmware updates, use SPD-locked memory modules, follow physical system security best practices, monitor for tampering |
Source | The Record |
Read full article: https://therecord.media/amd-security-flaw-badram
Disclaimer: The above summary has been generated by an AI language model