Thursday, January 16, 2025
HomeCyber Security NewsBadRAM Attack Breaches AMD Secure VMs with $10 Device

BadRAM Attack Breaches AMD Secure VMs with $10 Device

Published on

SIEM as a Service

Follow Us on Google News

Researchers have uncovered a vulnerability that allows attackers to compromise AMD’s Secure Encrypted Virtualization (SEV) technology using a $10 device.

This breakthrough exposes a previously underexplored weakness in memory module security, specifically in cloud computing environments where SEV is widely used to protect sensitive data, which is shared on the BadRAM page.

Modern computers depend on DRAM (dynamic random-access memory) to store code and data, while processors perform computations.

The initial communication between a computer and its DRAM modules determines memory size, speed, and configuration.

However, what happens if a DRAM module deliberately deceives the processor? This study marks the first comprehensive examination of “bad RAM” — rogue memory modules that intentionally provide false data during startup, revealing a new vulnerability in processor security.

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

BadRAM Attack Breaches AMD

Cloud computing has increasingly relied on encryption to safeguard data, particularly in environments where data breaches and insider threats are prevalent.

AMD’s Secure Encrypted Virtualization (SEV) is designed to protect virtual machines (VMs) by encrypting their memory and ensuring isolation even from sophisticated attackers.

However, the research highlights a critical vulnerability where tampering with the embedded Serial Presence Detect (SPD) chip on commercial DRAM modules allows attackers to circumvent SEV protections, including AMD’s advanced SEV-Secure Nested Paging (SEV-SNP) version.

Using off-the-shelf equipment costing less than $10, attackers can deceive the processor into accessing unauthorized encrypted memory.

The BadRAM attack not only compromises the security of AMD SEV but also enables the manipulation of remote attestation reports and the insertion of backdoors into any SEV-protected VM.

In response, AMD has released firmware updates aimed at securely validating memory configurations during the processor’s boot process to mitigate this threat.

In a demonstration, researchers showcased how the BadRAM primitive enables attackers to capture the contents of a memory location in a SEV-SNP VM and replay it, forming the basis for more sophisticated attacks.

This incident underscores the need for heightened vigilance and rapid adaptation in defending against emerging cybersecurity threats.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

Hackers Exploiting California Wildfire Sparks to Launching Phishing Attacks

As California grapples with devastating wildfires, communities are rallying to protect lives and property....

AIRASHI Botnet Exploiting 0-Day Vulnerabilities In Large Scale DDoS Attacks

AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August...

New Botnet Exploiting DNS Records Misconfiguration To Deliver Malware

Botnets are the networks of compromised devices that have evolved significantly since the internet's...

FTC Slams GoDaddy For Not Implement Standard Security Practices Following Major Breaches

The Federal Trade Commission (FTC) has announced that it will require GoDaddy Inc. to...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Hackers Exploiting California Wildfire Sparks to Launching Phishing Attacks

As California grapples with devastating wildfires, communities are rallying to protect lives and property....

AIRASHI Botnet Exploiting 0-Day Vulnerabilities In Large Scale DDoS Attacks

AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August...

New Botnet Exploiting DNS Records Misconfiguration To Deliver Malware

Botnets are the networks of compromised devices that have evolved significantly since the internet's...