Low-Cost 'Battering RAM' Attack Undermines Intel and AMD Cloud Security

Updated: Oct 7

A newly disclosed hardware attack, dubbed "Battering RAM," can bypass sophisticated security protections in Intel and AMD cloud processors using a device costing as little as $50. Researchers have demonstrated how this attack can compromise confidential computing technologies like Intel SGX and AMD SEV-SNP, potentially exposing sensitive data in cloud environments.

Key Takeaways

  • A $50 hardware interposer can bypass Intel SGX and AMD SEV-SNP protections.

  • The attack requires physical access to the target device but only for a short duration.

  • It exploits vulnerabilities in memory encryption and boot-time defenses.

  • Software or firmware updates cannot patch this vulnerability.

  • Intel and AMD state that physical access attacks are outside their products' threat model.

The Battering RAM Attack Explained

The Battering RAM attack involves a custom-built hardware device, called an interposer, placed between the CPU and its DRAM memory. This interposer is designed to be stealthy, passing all security checks during system startup. Once the system is operational and considers memory secure, the interposer can be activated with a simple switch.

Upon activation, the device silently redirects protected memory addresses to locations controlled by the attacker. This allows for arbitrary plaintext access to memory protected by Intel SGX or the corruption and replay of encrypted memory in AMD SEV-SNP systems. The researchers highlight that this method bypasses both memory encryption and state-of-the-art boot-time defenses, remaining invisible to the operating system.

Impact on Cloud Security

Confidential computing technologies like Intel SGX and AMD SEV-SNP are crucial for cloud providers, designed to protect sensitive data even from malicious insiders or compromised host systems. Battering RAM directly targets these defenses, potentially enabling attackers to gain unauthorized access to encrypted data, compromise remote attestation features, or insert backdoors into virtual machines.

The attack is particularly concerning as it affects DDR4 memory, which is widely used in current systems. While the researchers' current interposer is designed for DDR4, they believe a similar approach could be developed for DDR5. The exploit operates at a hardware level, below the operating system and hypervisor, making it difficult for software-based security measures to detect or prevent.

Vendor Response and Limitations

Intel and AMD were notified of the findings in February 2025. Both companies issued security advisories acknowledging the research but stated that attacks requiring physical access are outside the scope of their products' threat model. Intel suggested that features like Total Memory Encryption – Multi-Key (TME-MK) can offer additional protection and urged customers to ensure physical security of their devices.

The researchers confirmed that this vulnerability cannot be patched through software or firmware updates, as it stems from fundamental design choices in scalable memory encryption. They have made the technical details and schematics for building the Battering RAM interposer publicly available, increasing the potential risk of its adoption by malicious actors. Addressing this vulnerability would likely require a redesign of memory encryption protocols, including adding cryptographic integrity checks and verifying memory mapping throughout system runtime.
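
Why encryption alone does not catch stale memory, and what an integrity check with freshness adds, can be shown with a model. The Python below is an added illustration, not code from the researchers, Intel or AMD: the address-tweaked XOR cipher is a toy stand-in, the trusted on-chip write counter is an assumption, and `EncryptedDram`, `read_after_stale_restore` and the sample values are constructed for this example.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # stands in for the key held inside the CPU

def _crypt(addr: int, data: bytes) -> bytes:
    # Toy address-tweaked cipher: same key and address give the same pad,
    # so XOR both encrypts and decrypts. Not the vendors' construction.
    pad = hashlib.shake_256(KEY + addr.to_bytes(8, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))

class EncryptedDram:
    """Models DRAM behind memory encryption, with an optional freshness MAC."""

    def __init__(self, integrity: bool):
        self.integrity = integrity
        self.dram = {}      # untrusted: anything on the memory bus can alter it
        self.counters = {}  # trusted on-chip write counters (assumption)

    def _tag(self, addr: int, ct: bytes) -> bytes:
        ctr = self.counters[addr].to_bytes(8, "big")
        return hmac.new(KEY, addr.to_bytes(8, "big") + ctr + ct, hashlib.sha256).digest()

    def write(self, addr: int, data: bytes) -> None:
        self.counters[addr] = self.counters.get(addr, 0) + 1
        ct = _crypt(addr, data)
        self.dram[addr] = (ct, self._tag(addr, ct) if self.integrity else b"")

    def read(self, addr: int) -> bytes:
        ct, tag = self.dram[addr]
        if self.integrity and not hmac.compare_digest(tag, self._tag(addr, ct)):
            raise ValueError("integrity check failed: stale or relocated ciphertext")
        return _crypt(addr, ct)

def read_after_stale_restore(mem: EncryptedDram, addr: int = 0x1000) -> bytes:
    """Write v1, write v2, put the v1 DRAM cell back, then read the address."""
    mem.write(addr, b"balance=0100")
    old_cell = mem.dram[addr]          # contents of DRAM as they were at v1
    mem.write(addr, b"balance=0000")
    mem.dram[addr] = old_cell          # DRAM now holds stale contents
    return mem.read(addr)

if __name__ == "__main__":
    print(read_after_stale_restore(EncryptedDram(integrity=False)))  # stale data accepted
    try:
        read_after_stale_restore(EncryptedDram(integrity=True))
    except ValueError as err:
        print("rejected:", err)
```

The counter is what makes the check meaningful: a MAC over address and ciphertext alone would still verify for an old cell, because nothing in it records which write is current.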

As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.
