International Study by KU Leuven Reveals Major Cloud Server Security Flaw

Researchers from KU Leuven and the universities of Birmingham and Lübeck have managed to bypass advanced security technology in AMD processors. Their innovative attack technique, called ‘BadRAM’, exploits a vulnerability in the communication between the processor and the memory. AMD has since fixed the security problem.

Over the past few years, computer scientists and cryptographers from KU Leuven have already exposed several important security issues in widespread ICT infrastructure. Among other things, vulnerabilities in Intel processors came to light. In their new research, the KU Leuven scientists took a different approach: both in their method and in terms of their ‘target’.

“In much of our previous research, the focus was on potential vulnerabilities in the processor,” says Professor Jo Van Bulck (DistriNet, Department of Computer Science). “In this new study, we shifted our attention to the communication between the processor, the heart of the computer that performs the calculations, and the memory, which stores the calculated values. Moreover, this time it involved systems from AMD, Intel’s biggest challenger in the desktop and server processor market at the moment.”

Misleading chip

With the attack ‘BadRAM’, researchers from KU Leuven, in collaboration with the universities of Birmingham and Lübeck, managed to bypass advanced security technology in AMD processors. They succeeded by interfering with the communication between the processor and the memory.

“This communication takes place via a chip, the so-called SPD,” explains Jesse De Meulemeester, researcher at COSIC (Department of Electrical Engineering). “At start-up, this chip tells the processor what the available memory is each time. With our attack, we deceive the processor, making it seem as if there is more memory than is actually the case. This deception creates a backdoor that gives us access to stored data, as well as the possibility to overwrite it.”

In this way, the international research team was able to bypass AMD’s SEV (Secure Encrypted Virtualization) security technology. SEV is designed as an ultra-secure vault to store privacy-sensitive data, such as medical data, safely and encrypted in public cloud servers.

More competition, less safety

The researchers informed AMD of their new attack technique in February of this year and agreed to a long embargo period, which is common for this type of research. This allowed the manufacturer to develop updates to close the hole. These updates have now been applied by the cloud providers, so end users no longer have anything to fear.

“AMD has gained market share in recent years, putting pressure on Intel. However, this increased competition does not always seem to benefit the security of their systems,” Professor Van Bulck points out. “Both companies have increasingly emphasized speed and user-friendliness, which of course seems commercially attractive. However, as cybersecurity researchers, it is our job to critically evaluate the latest technologies and expose the security risks that often lie behind this speed gain.