WireTap and Battering RAM: attacks on TEEs | Kaspersky official blog
WireTap and Battering RAM — two independent theoretical papers — demonstrated the feasibility of attacks on trusted execution environments (TEEs).
AI Analysis
Technical Summary
Trusted Execution Environments (TEEs) like Intel Software Guard Extensions (SGX) and AMD Secure Encrypted Virtualization (SEV) are designed to protect sensitive data even if the host system is compromised. Two recent independent research efforts—WireTap from the U.S. and Battering RAM from Belgium and the UK—demonstrate practical attacks on these TEEs by targeting the data exchange between the processor and DDR4 RAM modules.
WireTap intercepts encrypted data by physically inserting an interposer between the CPU and RAM, using a logic analyzer to capture data streams at throttled memory speeds. By inputting known plaintext and capturing corresponding ciphertext, attackers can derive encryption keys and decrypt sensitive data. This approach reduces the cost of such attacks to under $1,000, making them more accessible.
Battering RAM uses a custom interposer board controlled by a Raspberry Pi Pico to manipulate address lines, causing data to be mirrored to attacker-accessible memory locations. This method allows attackers to decrypt data by running their own code within the same memory range, bypassing AMD’s SEV-SNP protections and enabling potential code injection.
Both attacks assume attackers have full control over the server’s hardware and software, a scenario previously considered out of scope by Intel and AMD. The attacks rely on DDR4 memory; DDR5’s architectural changes and higher speeds currently prevent similar exploits. These findings highlight inherent limitations in TEE security models, particularly deterministic encryption and physical attack vectors, emphasizing the need for ongoing independent security audits. While these attacks are complex and require physical access, the reduced cost and increased stealth (especially for Battering RAM) broaden the potential threat actors capable of exploiting these vulnerabilities.
Potential Impact
For European organizations, especially those utilizing cloud services, virtualized environments, or on-premises servers employing Intel SGX or AMD SEV for sensitive data protection, these attacks pose a significant risk to confidentiality and integrity. Successful exploitation could lead to unauthorized data disclosure, including cryptographic keys and sensitive workloads, undermining trust in TEEs as a security boundary. The ability to inject malicious code (notably via Battering RAM’s circumvention of SEV-SNP) further threatens system integrity and availability by enabling persistent compromise of virtual machines. Although physical access requirements limit the attack surface, insider threats, supply chain compromises, or targeted attacks on data centers could enable exploitation. The demonstrated reduction in attack cost and increased stealth capabilities increase the likelihood that sophisticated threat actors, including nation-states or advanced cybercriminal groups, might attempt such attacks. The impact is particularly critical for sectors handling highly sensitive data such as finance, healthcare, government, and critical infrastructure. The lack of current exploits in the wild and the focus on DDR4 memory modules somewhat mitigate immediate risk, but organizations must anticipate future developments targeting DDR5 and evolving attack techniques.
Mitigation Recommendations
European organizations should implement layered defenses beyond relying solely on TEEs.
- Physical security controls must be strengthened to prevent unauthorized hardware access to servers, including tamper-evident seals, surveillance, and strict access policies for data centers.
- Deploy hardware with DDR5 memory modules where possible, as current attacks target DDR4 architectures.
- Regularly update and patch firmware and microcode for processors and memory controllers to incorporate vendor mitigations.
- Employ memory encryption solutions that do not rely on deterministic encryption or that incorporate additional entropy to prevent key derivation from known plaintext attacks.
- Monitor for anomalous hardware modifications or unexpected memory behavior using hardware attestation and runtime integrity checks.
- Consider architectural changes such as isolating critical workloads on dedicated hardware or using multi-factor attestation for virtual machines.
- Engage with cloud providers to understand their physical security and hardware refresh policies, and prefer providers that use newer memory standards and enhanced TEE implementations.
- Finally, maintain an active threat intelligence program to track developments in TEE vulnerabilities and emerging mitigations.
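
The deterministic-encryption limitation named in the technical summary, and the "additional entropy" recommendation above, shown as an added Python example (not code from the Kaspersky article or from the WireTap or Battering RAM papers). It assumes a toy HMAC-based Feistel cipher as a stand-in for a hardware memory-encryption engine; the function names, the address and the sample writes are constructed for illustration.

```python
import hashlib
import hmac
import os

BLOCK = 16  # bytes per encrypted memory block in this toy model

def _prf(key: bytes, tweak: bytes, rnd: int, half: bytes) -> bytes:
    """Feistel round function: HMAC-SHA256 truncated to half a block."""
    return hmac.new(key, tweak + bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key: bytes, tweak: bytes, pt: bytes) -> bytes:
    """Toy tweakable block cipher (4-round Feistel), NOT a real memory-encryption engine."""
    left, right = pt[:BLOCK // 2], pt[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, _xor(left, _prf(key, tweak, rnd, right))
    return left + right

def decrypt_block(key: bytes, tweak: bytes, ct: bytes) -> bytes:
    left, right = ct[:BLOCK // 2], ct[BLOCK // 2:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _prf(key, tweak, rnd, left)), left
    return left + right

def tweak_for(addr: int, counter=None) -> bytes:
    """Address-only tweak is deterministic; adding a per-write counter gives freshness."""
    t = addr.to_bytes(8, "little")
    return t if counter is None else t + counter.to_bytes(8, "little")

def linkable_writes(trace) -> int:
    """Count observed (address, ciphertext) pairs that repeat an earlier observation."""
    seen, repeats = set(), 0
    for item in trace:
        repeats += item in seen
        seen.add(item)
    return repeats

def simulate(fresh: bool, addr: int = 0x1000) -> int:
    """Write constructed sample data to one address and report linkable ciphertexts."""
    key = os.urandom(32)
    writes = [b"A" * 16, b"B" * 16, b"A" * 16, b"A" * 16]  # constructed sample data
    trace = [(addr, encrypt_block(key, tweak_for(addr, n if fresh else None), v))
             for n, v in enumerate(writes)]
    return linkable_writes(trace)

if __name__ == "__main__":
    print("deterministic:", simulate(False), "with freshness:", simulate(True))
```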
Affected Countries
Germany, France, United Kingdom, Netherlands, Belgium, Italy, Spain, Sweden, Poland, Finland
Technical Details
- Article Source
- {"url":"https://www.kaspersky.com/blog/wiretap-battering-ram-tee-attacks/54598/","fetched":true,"fetchedAt":"2025-10-15T19:12:41.321Z","wordCount":1824}
Threat ID: 68eff2298fdbc4b28b1cbaa4
Added to database: 10/15/2025, 7:12:41 PM
Last enriched: 10/30/2025, 11:05:10 AM
Last updated: 12/5/2025, 1:01:46 AM