Vulnerability discovered in AMD and Intel cloud security technology

0

Vulnerability found in hardware from AMD and Intel
Researchers find leak in confidential computing technology

Providers on the topic

Security researchers at ETH Zurich have found a vulnerability in the technology that AMD and Intel use to protect cloud servers. The technology is intended to protect sensitive data, which of course makes the gap particularly serious.

Researchers find security holes in AMD and Intel processors.

(Image: vlorzor – stock.adobe.com)

Security researchers at ETH Zurich have discovered a gap in the confidential computing technology from AMD and Intel found. The technology is intended to protect sensitive data in the cloud. However, attackers can read the data through a gap.

This is how the attacks work

The gap arises from the interaction of the hypervisor software and the interrupt mechanism used in the cloud infrastructure for process control. The researchers discovered that specially crafted interrupts can give an attacker access to data processed in a so-called Trusted Execution Environment (TEE), even if it is isolated. Two specific types of attacks were examined: the “Heckler attack,” which was successful on AMD and Intel systems, and the “WeSee” attack, which exclusively affects AMD hardware and is enabled by a special communication mechanism between the TEE and the hypervisor.

These discoveries are part of a broader research project to develop a tap-proof smartphone that will enable independent app execution and increased data protection. The research highlights the need to continually improve cloud security measures and strengthen isolation and protection of sensitive data in cloud environments.

The results of this research highlight the need to continually review and improve even the seemingly robust security measures in cloud environments, particularly with regard to the isolation and protection of data during its processing.

(ID:50004894)

source site