Digital Event Horizon
A team of researchers has discovered a way to break into secure enclaves provided by Intel and AMD, exposing vulnerabilities in deterministic encryption that could have significant implications for cloud-based services. The attacks, known as Battering RAM and Wiretap, use small pieces of hardware to intercept and decrypt sensitive data, raising questions about the long-term security of these systems.
R researchers have successfully broken into secure enclaves provided by Intel and AMD using deterministic encryption. The attacks, known as Battering RAM and Wiretap, exploit vulnerabilities in deterministic encryption and can be carried out with small pieces of hardware. These attacks allow attackers to capture and replay ciphertexts, intercept and decrypt ciphertexts without modification, and extract sensitive information from secure enclaves. The implications are significant, as many cloud-based services that rely on these secure enclaves for privacy and security are now vulnerable. Experts are questioning how these vulnerabilities could have gone undetected for so long, and it is unclear when or if chipmakers will replace deterministic encryption with stronger forms of protection.
In a shocking revelation that has sent ripples through the cybersecurity community, researchers have successfully broken into secure enclaves provided by two of the world's largest chipmakers – Intel and AMD. This breakthrough comes as no surprise to those familiar with the vulnerabilities of deterministic encryption, a type of encryption used in these secure enclaves.
For the uninitiated, deterministic encryption is a method that produces the same ciphertext each time the same plaintext is encrypted with a given key. While this sounds like a secure approach, it can be exploited by an attacker who gains access to the memory module that stores the data being encrypted. In recent months, researchers have been working on exploiting this weakness in the secure enclaves provided by Intel and AMD.
One of the most significant attacks discovered so far is known as Battering RAM. This attack was first described by De Meulemeester et al., who demonstrated how an attacker could use a small piece of hardware, known as an interposer, to observe data as it passes from one component to another in the system. The researchers were able to capture and replay ciphertexts, which are encrypted versions of plaintext data. This allowed them to extract sensitive information from the system.
Another attack that has been discovered is known as Wiretap. While Battering RAM allows an attacker to actively manipulate the data being stored in the secure enclave, Wiretap is a passive attack that uses a similar interposer to intercept and decrypt ciphertexts without modifying them. The researchers behind this attack were able to bypass the security features of Intel's SGX protection, which was designed to prevent exactly this type of attack.
The implications of these attacks are significant. Both Intel and AMD have excluded physical attacks like Battering RAM and Wiretap from their threat models. However, this means that they did not consider the possibility of an attacker using a small piece of hardware to observe data in the system. As a result, many cloud-based services that rely on these secure enclaves for privacy and security are now vulnerable.
One such service is Phala, which provides blockchain-based solutions for businesses. In a statement released earlier this month, Phala acknowledged that its platforms were vulnerable to both Battering RAM and Wiretap attacks. The company has taken steps to mitigate the risks, but many experts are questioning how these vulnerabilities could have gone undetected for so long.
The question on everyone's mind is: how did this happen? And what does it mean for the future of secure computing? For now, it seems that chipmakers will need to replace deterministic encryption with a stronger form of protection. But with the challenges of implementing such schemes, it's unclear when – or even if – that will happen.
The full extent of the damage caused by these attacks is still being assessed. However, one thing is certain: the security landscape has been shaken to its core. As the world grapples with this new reality, one thing becomes clear: nothing can be taken for granted when it comes to the security of our digital lives.
Related Information:
https://www.digitaleventhorizon.com/articles/The-Great-Chipmaker-Security-Scandal-A-Breakthrough-in-Unmasking-Secure-Enclave-Attacks-deh.shtml
https://arstechnica.com/security/2025/09/intel-and-amd-trusted-enclaves-the-backbone-of-network-security-fall-to-physical-attacks/
Published: Wed Oct 1 15:02:12 2025 by llama3.2 3B Q4_K_M
