Cybersecurity researchers have recently uncovered vulnerabilities in the protection technologies of AMD and Intel processors. One such attack, known as CounterSEVeillance, targets AMD's Secure Encrypted Virtualization (SEV) technology, specifically the SEV-SNP extension designed to safeguard confidential virtual machines (VMs) even in shared hosting environments. Researchers from the University of Technological University and Fraunhofer institutes devised a method that uses side channels and performance counters to track each step of instruction execution in the VM.
The team behind CounterSEVeillance demonstrated that an RSA-4096 key can be extracted in just a few minutes, and that one-time passwords (TOTP) can be obtained within 30 attempts. The attack requires privileged access to the host machine running the isolated VMs, so the threat could originate from cloud service providers or from state-backed hacker groups.
At the same time, another attack called TDXDown, devised by researchers from the University of Lübeck, aims to bypass the protections in Intel's Trust Domain Extensions (TDX). Although TDX has built-in mechanisms to prevent single-stepping attacks, the researchers identified a vulnerability that allows these measures to be circumvented. They also demonstrated the StumbleStepping method for recovering ECDSA keys.
Both AMD and Intel responded quickly to the identified attacks. AMD acknowledged that performance counters are not protected by SEV and SEV-SNP, and advised developers to avoid using secret data in control flow. It also announced plans to virtualize performance counters in future products based on Zen 5. Intel, for its part, addressed the TDXDown vulnerability and assigned it the identifier CVE-2024-27457, indicating a low risk in real conditions. It noted that the StumbleStepping technique is not covered by current protection mechanisms and that a CVE will therefore not be assigned to it. (Sources: AMD Bulletin, Intel Announcement, CVE Details)
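To illustrate AMD's advice about keeping secret data out of control flow, the following added example (not code from the researchers or from AMD) shows a branchy square-and-multiply beside a masked variant. It uses toy 64-bit arithmetic rather than real RSA, and the `mul_calls` counter is a constructed stand-in for an event count visible to the host.

```c
#include <stdint.h>
#include <stdio.h>

static unsigned long mul_calls; /* constructed stand-in for a host-visible event counter */

/* Modular multiply; requires 0 < m < 2^32 so the product fits in 64 bits. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) {
    mul_calls++;
    return (a * b) % m;
}

/* Before: the branch on each secret exponent bit decides whether an extra multiply runs. */
uint64_t modexp_branchy(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r = 1 % m;
    base %= m;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, m);
        if ((exp >> i) & 1) /* secret-dependent control flow */
            r = mulmod(r, base, m);
    }
    return r;
}

/* After: always multiply, then keep or discard the product with a mask. */
uint64_t modexp_ct(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t r = 1 % m;
    base %= m;
    for (int i = 63; i >= 0; i--) {
        r = mulmod(r, r, m);
        uint64_t t = mulmod(r, base, m);
        uint64_t mask = (uint64_t)0 - ((exp >> i) & 1); /* all ones if the bit is set */
        r = (t & mask) | (r & ~mask);
    }
    return r;
}

typedef uint64_t (*modexp_fn)(uint64_t, uint64_t, uint64_t);

/* Number of multiplies one exponentiation performs for a given exponent. */
unsigned long mults_used(modexp_fn f, uint64_t exp) {
    mul_calls = 0;
    (void)f(4, exp, 497);
    return mul_calls;
}

int main(void) {
    printf("branchy: %lu vs %lu multiplies\n", mults_used(modexp_branchy, 13), mults_used(modexp_branchy, 0xFF));
    printf("masked:  %lu vs %lu multiplies\n", mults_used(modexp_ct, 13), mults_used(modexp_ct, 0xFF));
    return 0;
}
```

A compiler may turn the mask back into a branch, and the latency of `%` can depend on its operands, so inspect the generated assembly. For real keys, use a vetted constant-time library.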
These findings highlight the susceptibility of even the most advanced protection technologies to new