Cloud breach: AMD and Intel made security mistakes

How hackers can steal your data from secure storage.

ETH Zurich specialists have discovered vulnerabilities in the modern security mechanisms of AMD and Intel chips that threaten data protection in cloud services. The discovery could have significant implications for many large cloud service providers.

In recent years, hardware vendors have been developing technologies to securely process sensitive data on shared cloud resources. The method, known as confidential computing, involves protecting data during processing by isolating it in a special area that is inaccessible to other users and even the cloud service provider.

The researchers identified problems in the server hardware made by AMD and Intel. Two attack scenarios were carried out using the interrupt mechanism, which temporarily suspends standard data processing to perform other tasks. Interrupts, as it turned out, can become a channel for attacks on confidential computing systems.

In total, there are 256 different interrupts, each of which triggers a specific sequence of program commands. The authors of the paper noted that interrupts are a minor problem: ensuring their systematic protection was simply overlooked. The study will be presented at the IEEE Symposium on Security and Privacy, as well as the USENIX Symposium on Security in 2024.

Attack scenarios developed by the ETH Zurich group:

Ahoi (Attack

The attack scenario uses coordinated interrupts sent through the hypervisor, the software cloud providers use to manage resources. Here, the hypervisor is used to send synchronized interrupts to a system protected by a Trusted Execution Environment (TEE). This allows attackers to bypass the security and gain access to the protected system.

By sending coordinated interrupts, the scientists managed to confuse the TEE-protected system and were able to gain root access. The Heckler attack mixes interrupts in such a way that the system starts performing unwanted actions, even granting root access. The attack showed that AMD and Intel have different levels of vulnerability to different interrupts.

WeSee Attack

The attack scenario affects only AMD hardware and is related to improvements that the company introduced to facilitate communication between the TEE and the hypervisor. As a result of a special interrupt, the system may inadvertently disclose sensitive data or even execute external programs. The attack highlights problems in the defense mechanisms that were supposed to isolate the TEE from external influences.

AMD's technologies were the most vulnerable. The researchers determined that the security measures the company had previously offered were insufficient. However, steps have already been taken to correct this situation.

The discovery is part of a broader project to build a wiretap-proof smartphone based on confidential computing. The ETH Zurich Group is committed to ensuring that iPhone and Android users can fully control their data and apps, regardless of operating systems.
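
The scenarios above come down to a protected guest running a handler for whatever interrupt the hypervisor sends. As an added illustration (not code from the ETH Zurich papers, AMD or Intel), the C model below replays a constructed event trace through a guest that dispatches every vector and through one that only accepts allowlisted vectors from the hypervisor. The `guest`, `deliver` and `replay` names, the vector numbers in the trace, and the premise that the guest can tell who raised an event are assumptions of this sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define NUM_VECTORS 256           /* the 256 interrupts the article mentions */
#define FIRST_EXTERNAL_VECTOR 32  /* x86 reserves vectors 0-31 for CPU exceptions */

enum source { SRC_CPU, SRC_HYPERVISOR };  /* assumption: the guest knows who raised it */

struct guest {
    bool allow[NUM_VECTORS];          /* vectors the guest expects from outside */
    unsigned delivered[NUM_VECTORS];  /* how often each handler ran */
    unsigned rejected;                /* injected events dropped by the filter */
};

/* Build the allowlist; exception vectors can never be put on it. */
void guest_init(struct guest *g, const uint8_t *expected, size_t n) {
    memset(g, 0, sizeof *g);
    for (size_t i = 0; i < n; i++)
        if (expected[i] >= FIRST_EXTERNAL_VECTOR)
            g->allow[expected[i]] = true;
}

/* Deliver one event. With filter=false every vector runs its handler. */
bool deliver(struct guest *g, bool filter, enum source src, uint8_t vec) {
    if (filter && src == SRC_HYPERVISOR &&
        (vec < FIRST_EXTERNAL_VECTOR || !g->allow[vec])) {
        g->rejected++;
        return false;
    }
    g->delivered[vec]++;
    return true;
}

/* Constructed trace: vector 14 arrives once from the CPU and once injected. */
struct event { enum source src; uint8_t vec; };
static const struct event TRACE[] = {
    { SRC_CPU, 14 }, { SRC_HYPERVISOR, 14 },
    { SRC_HYPERVISOR, 0x80 }, { SRC_HYPERVISOR, 0xEC } };

/* Replay the trace against a fresh guest; returns how many handlers ran. */
unsigned replay(struct guest *g, bool filter) {
    static const uint8_t expected[] = { 0xEC };  /* constructed: one timer vector */
    unsigned ran = 0;
    guest_init(g, expected, sizeof expected);
    for (size_t i = 0; i < sizeof TRACE / sizeof TRACE[0]; i++)
        ran += deliver(g, filter, TRACE[i].src, TRACE[i].vec);
    return ran;
}

int main(void) { struct guest g; return replay(&g, true) == 2 ? 0 : 1; }
```

Without the filter all four handlers run, including the exception handler triggered by an injected vector 14; with it, only the CPU-raised exception and the expected timer interrupt are delivered.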