Modern server processors implement Trusted Execution Environments (TEEs) like Intel Software Guard Extensions (SGX) and AMD Secure Encrypted Virtualization (SEV) to protect sensitive data even if the host system is compromised. Two recent independent research efforts—WireTap by U.S. researchers and Battering RAM by Belgian and UK scientists—demonstrate novel hardware-level attacks targeting the data exchange between the processor and DDR4 RAM modules to extract or manipulate encrypted data within TEEs. WireTap intercepts the DDR4 memory bus using an interposer and a logic analyzer, capturing encrypted data streams at slowed memory speeds (1333 MHz instead of 1600–3200 MHz). By injecting known plaintext into the TEE and comparing it with intercepted ciphertext, attackers can derive the encryption key and decrypt sensitive data. This approach reduces the cost of such attacks from hundreds of thousands of dollars to under a thousand, making them more accessible. Battering RAM employs a custom-designed interposer board controlled by a Raspberry Pi Pico microcontroller to ground specific address lines at precise moments, causing data mirroring that forces the processor to write data to attacker-accessible memory cells. This method allows attackers to capture encrypted data and then decrypt it by running code within the same memory range, bypassing the need to compute encryption keys. Notably, Battering RAM can circumvent AMD’s SEV-SNP security extension, which was designed to prevent memory modification attacks, enabling not only data theft but also potential code injection into virtual machines. Both attacks assume an attacker with full control over the server hardware and software, including physical access to memory modules. While these attacks currently target DDR4 memory, DDR5 modules remain unbroken due to architectural changes and higher speeds. The research challenges the assumption that TEEs provide absolute protection against a fully compromised host and underscores the importance of regular, independent security evaluations. Despite the complexity and physical access requirements, the drastically reduced cost and covert capabilities of these attacks may broaden the range of threat actors willing to exploit them.

For European organizations, especially those relying on cloud services, virtualized environments, or server infrastructure employing Intel SGX or AMD SEV TEEs, these attacks pose a significant risk to the confidentiality and integrity of sensitive data. The ability to extract encryption keys or decrypt protected memory contents undermines the fundamental trust model of TEEs, potentially exposing cryptographic keys, intellectual property, personal data, or other confidential information. The Battering RAM attack's capability to bypass SEV-SNP protections and inject malicious code into virtual machines further elevates the threat by enabling persistent compromise and lateral movement within cloud or data center environments. Although the attacks require physical access and specialized hardware manipulation, the reduced cost and covert nature of Battering RAM increase the feasibility of insider threats or sophisticated supply chain attacks. The impact is particularly critical for sectors handling highly sensitive data such as finance, government, healthcare, and critical infrastructure. Additionally, organizations using DDR4 memory modules are at risk, while those that have migrated to DDR5 may currently be less vulnerable. The attacks do not affect availability directly but severely compromise confidentiality and integrity, potentially leading to data breaches, regulatory non-compliance, reputational damage, and financial losses.

European organizations should implement a multi-layered mitigation strategy beyond generic advice: 1) Physically secure server hardware to prevent unauthorized access to memory modules and motherboard components, including tamper-evident seals and restricted data center access controls. 2) Transition to DDR5 memory modules where feasible, as current attacks target DDR4 and DDR5’s architectural improvements provide enhanced resistance. 3) Employ hardware attestation and runtime integrity verification to detect unauthorized hardware modifications or anomalous memory behavior. 4) Use encrypted memory technologies with non-deterministic encryption schemes to prevent key recovery via known plaintext attacks. 5) Monitor and audit virtual machine memory access patterns and hypervisor logs for signs of manipulation or unusual activity indicative of Battering RAM-style attacks. 6) Collaborate with cloud service providers to ensure they have implemented physical security and hardware integrity measures aligned with these threats. 7) Regularly update and patch firmware and microcode for Intel and AMD processors as vendors may release mitigations or detection capabilities. 8) Conduct independent security assessments and penetration testing focused on hardware-level attack vectors. 9) Consider architectural changes such as isolating critical workloads on dedicated hardware or using alternative confidential computing technologies with different threat models. 10) Educate security teams about the limitations of TEEs and the importance of physical security in protecting cryptographic assets.