
Physical Attacks Hit Intel and AMD TEEs

Image © Ars Technica
New research shows that cheap hardware interposers on the memory bus can defeat Intel SGX and AMD SEV-SNP, exposing a gap in the threat model for trusted execution environments (TEEs).

In the cloud era, protections baked into chips from Intel and AMD, known as TEEs (trusted execution environments, not "enclaves"; the enclave is the protected region that SGX creates inside a TEE), are meant to shield secrets and sensitive computations even when the host server itself is compromised. Major cloud providers rely on them, as do applications that need strong confidentiality, such as messaging and communication tools. Intel's SGX and AMD's SEV-SNP are two leading implementations; both encrypt protected memory in hardware while keeping the performance cost low.

Two independent research efforts published this week describe two distinct physical attacks that undermine these protections. Battering RAM defeats both SGX and SEV-SNP with a memory interposer that observes and manipulates data as it travels between the CPU and the DRAM modules. Because the memory encryption is deterministic, the attacker can not only read protected data but also replay previously captured ciphertext or substitute it, which is enough to plant backdoors or corrupt information.

The second attack, Wiretap, is purely passive and targets data protected by SGX. It also relies on an interposer and on the same deterministic encryption, but it never alters traffic: it stays stealthy, records ciphertext as it crosses the bus and recovers sensitive information from it over time.

Both attacks hinge on an interposer, a small hardware device inserted between the CPU and the memory modules so that every memory transaction passes through it. Because SGX and SEV-SNP encrypt memory deterministically, writing the same plaintext to the same physical address always produces the same ciphertext. An interposer that watches the bus can therefore match ciphertext it sees against ciphertext it has already learned the meaning of, and an active one can write a previously captured ciphertext back into memory, where the CPU decrypts it as if it were current. In some cases this is enough to recover keys held inside the enclave.
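The two exploitable properties in the paragraph above, determinism and the absence of any freshness or integrity check on the ciphertext in DRAM, are easy to show in a small model. The Go program below is an added example written for this page; it is not code from either research team or from Intel or AMD. It models the memory-encryption unit as AES-XTS on a single 16-byte block tweaked by the physical address (the real engines work on whole cache lines with keys that never leave the CPU; the fixed keys, addresses and values here are constructed for the model), lets an "interposer" read and overwrite the DRAM map behind the CPU's back, and then runs a passive dictionary attack in the style of Wiretap and an active replay in the style of Battering RAM. The same replay is then run against a variant that folds a per-address write counter into the tweak and keeps a MAC on the CPU side, which is the kind of freshness and integrity protection whose absence the attacks depend on.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

// Fixed, constructed keys for the model; the weakness shown does not depend on them.
var k1, k2, macKey = mustAES(bytes.Repeat([]byte{1}, 16)), mustAES(bytes.Repeat([]byte{2}, 16)), bytes.Repeat([]byte{3}, 32)

func mustAES(key []byte) cipher.Block {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return c
}

// xex is AES-XTS on one 16-byte block: T = AES_K2(addr||ctr), C = AES_K1(P^T)^T.
// With ctr always 0 the ciphertext depends only on (keys, address, plaintext).
func xex(addr, ctr uint64, in []byte, encrypt bool) []byte {
	t := binary.LittleEndian.AppendUint64(binary.LittleEndian.AppendUint64(nil, addr), ctr)
	k2.Encrypt(t, t)
	out := make([]byte, 16)
	subtle.XORBytes(out, in, t)
	if encrypt {
		k1.Encrypt(out, out)
	} else {
		k1.Decrypt(out, out)
	}
	subtle.XORBytes(out, out, t)
	return out
}

// Engine models the memory-encryption unit; dram is the cell array the interposer
// sits in front of and can read or overwrite at will. fresh=false: no freshness or
// integrity metadata, as on the attacked platforms. fresh=true: a per-address write
// counter enters the tweak and an HMAC over (addr, ctr, ciphertext) is kept; both
// stay on the CPU side, out of the interposer's reach.
type Engine struct {
	fresh bool
	dram  map[uint64][]byte
	ctr   map[uint64]uint64
	tag   map[uint64][]byte
}

func NewEngine(fresh bool) *Engine {
	return &Engine{fresh, map[uint64][]byte{}, map[uint64]uint64{}, map[uint64][]byte{}}
}

func (e *Engine) mac(addr uint64, ct []byte) []byte {
	h := hmac.New(sha256.New, macKey)
	binary.Write(h, binary.LittleEndian, [2]uint64{addr, e.ctr[addr]})
	h.Write(ct)
	return h.Sum(nil)
}

func (e *Engine) Write(addr uint64, pt []byte) {
	if e.fresh {
		e.ctr[addr]++ // a tweak is never reused for the same address
	}
	e.dram[addr] = xex(addr, e.ctr[addr], pt, true)
	e.tag[addr] = e.mac(addr, e.dram[addr])
}

func (e *Engine) Read(addr uint64) ([]byte, error) {
	if e.fresh && !hmac.Equal(e.tag[addr], e.mac(addr, e.dram[addr])) {
		return nil, errors.New("integrity check failed: stale or tampered ciphertext")
	}
	return xex(addr, e.ctr[addr], e.dram[addr], false), nil
}

func block(s string) []byte { b := make([]byte, 16); copy(b, s); return b }

// DictionaryAttack is the passive (Wiretap-style) role: the interposer watches the
// enclave write guessable values to one address, then labels a later write it never saw.
func DictionaryAttack() string {
	e := NewEngine(false)
	seen := map[string]string{}
	for _, v := range []string{"allow", "deny"} {
		e.Write(0x1000, block(v))
		seen[string(e.dram[0x1000])] = v // ciphertext snooped on the bus
	}
	e.Write(0x1000, block("deny")) // the decision the attacker wants to learn
	return seen[string(e.dram[0x1000])]
}

// ReplayAttack is the active (Battering RAM-style) role: record old ciphertext, let the
// enclave overwrite it, then write the old bytes back into DRAM and let the CPU read.
func ReplayAttack(fresh bool) (string, error) {
	e := NewEngine(fresh)
	e.Write(0x2000, block("balance=100"))
	captured := append([]byte(nil), e.dram[0x2000]...)
	e.Write(0x2000, block("balance=0"))
	e.dram[0x2000] = captured
	pt, err := e.Read(0x2000)
	return string(bytes.TrimRight(pt, "\x00")), err
}

func main() {
	fmt.Println("dictionary recovers:", DictionaryAttack())
	fmt.Println(ReplayAttack(false)) // balance=100 <nil>
	fmt.Println(ReplayAttack(true))  // "" integrity check failed: stale or tampered ciphertext
}
```

Two things are worth noting in the model. The dictionary attack needs no key material at all: it only needs the victim to write values the attacker can guess, which is why a purely passive interposer is enough. And the counter-plus-MAC variant does not change the cipher; it only denies the interposer a ciphertext it can meaningfully put back, which is the architectural change, rather than a firmware patch, that the researchers point to.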

The revelations come amid a broader conversation about what threat models TEEs should cover, and in particular whether an attacker with physical access to the server is in scope. Industry responses so far have been limited, with neither Intel nor AMD commenting publicly on the papers. The researchers also note that their interposers target DDR4 memory; DDR5 platforms, such as those running Intel's newer TDX offering, were not shown to be exposed to these specific devices, although the researchers say that hardware and architectural changes, not firmware updates, are what a deeper fix would require. Some cloud services, including blockchain-focused deployments, continue to rely on TEEs for confidentiality, which underscores the real-world impact of these findings.

Source: Ars Technica
