When the Olsen gang makes a cunning coup, it usually happens by cutting the power so the alarm doesn’t go off. A similar principle was used by some German security researchers to break into and take control of an American AMD security chip.
By breaking the voltage, it is possible to recover encryption keys and control this ubiquitous processor from AMD, which is used to precisely protect against leaks and hacker attacks from virtual machines.
This is what researchers from the Technical University of Berlin and the Fraunhofer Institute have shown New study recently published.
The security processor is known as AMD Secure Encrypted Virtualization (SEV), and it has the task of increasing the security of virtual machines running in unsecured environments by encrypting memory.
“By manipulating the voltage, we can cause a ROM error on the AMD-SP (security chip, editor’s note), giving us complete control over the root of the trust,” the researchers wrote in the scientific article.
A root of trust is the term for a device that can always be trusted in an encryption system. The security chip is a small Arm Cortex-A5 chip that serves as a root of trust for AMD EPYC CPUs, which are particularly used in data centers.
Code short circuit
This isn’t the first time that security researchers or malicious attackers have used voltage as a way to break into processors.
In fact, the term ‘voltage fault’, i.e. voltage fault, is a well known and simple concept. Even a very short fluctuation in voltage can interfere with the way program code is set up in the processor. If you do it correctly, you can skip a part of the program code where approval in the form of a PIN code or similar is required.
British security researchers showed a year and a half ago A similar vulnerability in Intel. Intel’s Software Protection Extensions (SGX) technology integrity could have been destroyed by controlling processor voltage while performing area calculations.
ARM’s instruction sets were hacked in the same way, as with older versions of Microsoft Xbox 360 and Sony PlayStation 3. The way to resist this type of attack is to be able to detect changes in voltage.
Requires physical access
Although it sounds simple, it is still relatively limited the number of actual examples of attacks in which voltage has been manipulated.
As readers have discovered, the first prerequisite for this type of attack is physical access to the AMD security chip, so that one can change the voltage and thus control.
Therefore, the risk of the attack is likely to be more limited than if the attack had been done from outside.
But the AMD Secure Encrypted Virtualization (SEV) security chip is specifically designed to prevent system administrators or others with physical access to the devices running virtual machines from taking control.
The example shows that when talking about hacking and malicious attacks, they are far from bugs and weaknesses in the program code that can be changed at will.
If a malicious hacker finds an error, it can be fixed with a software update. But this is not always possible when physical devices are the target of the attack. It became really clear in 2018, when researchers identified two vulnerabilities that were called “Meltdown” and “Spectre”.
They are found in most modern CPUs and take advantage of the fact that by using perfectly legal instructions provided by the CPU, one can read from the “secret” part of the system memory. It makes it possible to read passwords and all other forms of privileged information – in short, a malware buffet.
This article was first published in The engineer.
“Web specialist. Lifelong zombie maven. Coffee ninja. Hipster-friendly analyst.”