$50 Hardware Attack Bypass: Researchers Expose Critical Flaw in Intel SGX and AMD SEV-SNP Trusted Computing
A team of researchers has developed a simple hardware tool that calls into question the very foundations of trusted computing in modern cloud environments. With a device costing less than fifty dollars, they successfully bypassed the hardware defenses of Intel Scalable SGX and AMD SEV-SNP, which underpin Trusted Execution Environments (TEEs). These technologies form the basis of confidential computing adopted by the world’s largest cloud providers, protecting data in memory from privileged attacks and physical access, including cold-boot exploits and memory bus interception.
The device itself is a DDR4 interposer placed between the CPU and the memory module. By manipulating address lines, it creates dynamic memory aliases invisible to built-in security mechanisms. Unlike static SPD-based attacks, which Intel and AMD had already mitigated with firmware updates, the dynamic nature of the interposer allows it to evade boot-time verification and operate in real time. This effectively reduces attacks that once required specialized equipment worth hundreds of thousands of dollars to a method achievable at minimal cost with only basic engineering skills.
On systems running Intel Scalable SGX, the researchers demonstrated for the first time that the use of a single key across the entire memory range makes it possible to read and write arbitrary data within secure enclaves. They were able to extract the platform provisioning key, a cornerstone of the remote attestation mechanism. This entirely breaks the chain of trust, enabling attackers to generate counterfeit attestations without access to the actual hardware — thereby undermining the integrity guarantees of cloud services at their core.
In the case of AMD SEV-SNP, the team showed how to bypass the new ALIAS_CHECK defenses, designed to block BadRAM-style attacks. Their method revived attack scenarios thought to be mitigated, including block substitution and ciphertext replay. This enables the creation of forged virtual machines that pass remote verification as legitimate, effectively collapsing the trust model of the SEV ecosystem.
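As an added illustration of the two points above (the dynamic aliasing described earlier and the boot-time ALIAS_CHECK it evades), here is a toy model that is not code from the paper or from either vendor: a simulated bus where an interposer forces one address bit low, and a firmware-style alias check that writes a unique tag to every address and looks for overwrites. The bus model, the single-bit masking and the check are constructed simplifications; they show only that a check run once at boot, before the interposer is switched on, reports nothing.

```python
"""Toy model: a boot-time DRAM alias check versus an alias introduced at runtime."""


class AliasingBus:
    """Simulated memory bus (constructed toy, not a real controller).

    Addresses map 1:1 to DRAM rows until the interposer is activated; it then
    forces one address bit to 0, so two distinct addresses share a row (an alias).
    """

    def __init__(self, address_bits: int, aliased_bit: int) -> None:
        self.rows: dict[int, int] = {}          # physical row -> stored value
        self.size = 1 << address_bits
        self.mask = ~(1 << aliased_bit)
        self.interposer_active = False

    def _resolve(self, addr: int) -> int:
        return addr & self.mask if self.interposer_active else addr

    def write(self, addr: int, value: int) -> None:
        self.rows[self._resolve(addr)] = value

    def read(self, addr: int) -> int:
        return self.rows.get(self._resolve(addr), 0)


def alias_check(bus: AliasingBus) -> list[tuple[int, int]]:
    """Firmware-style alias scan: tag every address, then read back.

    An address whose tag was overwritten shares a row with a later address.
    Returns the (address, later aliasing address) pairs found, empty if none.
    """
    for addr in range(bus.size):
        bus.write(addr, addr + 1)               # tag != 0, so empty rows differ
    found = []
    for addr in range(bus.size):
        got = bus.read(addr)
        if got != addr + 1:
            found.append((addr, got - 1))
    return found


def boot_then_runtime_scenario(address_bits: int = 4, aliased_bit: int = 3):
    """Run the check at boot (interposer idle), then again after activation."""
    bus = AliasingBus(address_bits, aliased_bit)
    at_boot = alias_check(bus)                  # passes: nothing to see yet
    bus.interposer_active = True                # alias appears after boot
    after_activation = alias_check(bus)         # only a re-run would catch it
    return at_boot, after_activation
```

The defender's takeaway is that a one-time boot check is a point-in-time measurement: the same scan finds every aliased pair once the interposer is active, but nothing re-runs it.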
The device is constructed from readily available parts: a printed circuit board, a Raspberry Pi Pico 2 microcontroller, and a pair of analog switches. The total cost came to less than fifty dollars — orders of magnitude cheaper than professional DDR4 analyzers. The attacks execute deterministically and swiftly, without requiring expensive setups or specialized lab conditions.
The findings reveal that even updated platforms with the latest Intel and AMD firmware remain vulnerable to simple physical attacks if an adversary can obtain temporary server access. This could involve a rogue cloud provider employee, a compromised supply chain, or even state actors with seized hardware. The researchers warn that such threats cannot be dismissed lightly, since memory encryption was specifically introduced to mitigate them.
Intel was notified in January 2025 and AMD in February 2025. Both acknowledged the vulnerability but maintained that physical access lies outside their threat models. Arm, informed of the method’s potential applicability to its CCA architecture, likewise stated that physical access is not covered by its guarantees. After the embargo expired, the project was published openly, including source materials and interposer firmware, on GitHub.
The authors stress that the move toward scalable TEEs has weakened cryptographic guarantees in the name of performance and full-memory support. What was once considered a secure design has proven vulnerable to low-budget hardware attacks. They conclude that future protections may only be achievable through a return to stricter cryptographic methods or a transition to integrated memory architectures where physical access to the bus is no longer possible.