Attack bypasses AMD protection promising security, even when a server is compromised.
On Tuesday, an international team of researchers unveiled BadRAM, a proof-of-concept attack that completely undermines security assurances that chipmaker AMD makes to users of one of its most expensive and well-fortified microprocessor product lines. Starting with the AMD Epyc 7003 processor, a feature known as SEV-SNP—short for Secure Encrypted Virtualization and Secure Nested Paging—has provided the cryptographic means for certifying that a VM hasn’t been compromised by any sort of backdoor installed by someone with access to the physical machine running it.
Looks like AMD has already patched it, also appears to affect older Intel versions of the same tech concept but not current generations.
It only really affects guests in multi-tenant hypervisor environments; it requires physical access to the hypervisor, requires external physical hardware, and requires booting the host with said hardware attached. At some point this level of compromise is already absurd. This kind of research is important and shows that we still need to limit our level of trust in host providers, but I don't think anyone needs to panic.
My favorite computer vulnerability is when a state actor kidnaps me and attaches high voltage jumpers to my ballsack with the threat of frying them if I don't give up my NFT seed phrase.
My second favorite vulnerability is when a common robber steals my Daddy Tate Tokens from my shadow encrypted, quantum hardened disk by breaking my kneecaps with a $5 wrench.
My favorite computer vulnerability is when a state actor kidnaps me and attaches high voltage jumpers to my ballsack with the threat of frying them if I don’t give up my NFT seed phrase
There's no need to bring your OnlyFans subscriptions into this discussion. You do you.
I'm not really surprised; common wisdom is that if someone malicious has hardware access to a machine, it's compromised. And if you don't trust your hosting provider not to tamper with your machine, you should really find a new provider (or buy your own server).
The "trusted execution environment" thing was an attempt to make the system less vulnerable to exploitation through physical access. As we can see, it works about as well as expected.