Voltage Glitching Attack on AMD Chips Poses Risk to Cloud Environments
Researchers have described a voltage glitching attack that shows AMD's Secure Encrypted Virtualization (SEV) technology may not provide proper protection for confidential data in cloud environments.
The TU Berlin researchers showed that an attacker who has physical access to the targeted system can gain access to SEV-protected VM memory content by launching a voltage fault injection attack on the AMD Secure Processor (SP).
To work as intended, integrated circuits need to operate within specific temperature, clock stability, electromagnetic field, and supply voltage ranges. Purposefully manipulating one of these parameters is called a glitching attack.
In their voltage glitching attack, the researchers showed that by manipulating the input voltage to AMD chips, they can induce an error in the ROM bootloader of the SP, allowing them to gain full control.
"Furthermore, we showed that the glitching attack enables the extraction of endorsement keys. The endorsement keys play a central role in the remote attestation mechanism of SEV and can be used to mount remote attacks. Even an attacker without physical access to the target host can use extracted endorsement keys to attack SEV-protected VMs. By faking attestation reports, an attacker can pose as a valid target for VM migration to gain access to a VM's data."
While this is not the first research project focusing on voltage glitching attacks or attacks on AMD's SP and SEV, the researchers said that, to the best of their knowledge, this is the first attack affecting all AMD EPYC CPUs.