Security researchers have denied AMD’s claim that the recently described attack on its chips poses no real threat.
Earlier this month, a group of security researchers at the Technical University of Berlin presented a way to bypass the SEV (Secure Encrypted Virtualization) technology used in all AMD EPYC processors to protect virtual machines from malicious operating systems. Specifically, the researchers demonstrated how an attacker with physical access to an attacked system could gain access to the memory of a SEV-protected virtual machine using voltage manipulation on the AMD Secure Processor.
In response to the publication of the study, AMD stated that the presented attack is very difficult to implement in practice since it requires physical access to the server. However, researchers disagree with AMD’s statement.
One of the authors of the work, Robert Buhren, contacted TechRadar Pro and denied the company’s statement. According to him, the attacker must have physical access to any EPYC processor, and not necessarily to the processor running the attacked virtual machine.
“A malicious administrator can buy a CPU somewhere and use the keys extracted from it on systems in the data centre. In my opinion, this makes the attack even more dangerous, since no physical interaction with machines in data centres is required, ”Buren said.
According to the researcher, the attack described by his team allows attackers to use keys extracted from one AMD EPYC processor to attack a virtual machine running on another AMD CPU with the same microarchitecture.
Buuren mentioned his team’s previous research that published PoC code that allows a malicious administrator to carry out attacks similar to those described in a recent study. PoC demonstrates how an attacker can use keys from a single AMD processor to extract memory from a SEV-protected virtual machine.
As the researcher explained, the glitch attack recently presented by his team allows extracting data from all three generations of Zen processors, in essence, allowing PoC code to work on all AMD processors that support SEV.
To make matters worse, Buren noted, since the glitch attack is not a firmware-level issue, it will work regardless of whether AMD releases an update or not.
Catch up on more articles here
Follow us on Twitter here