Researchers break encryption with electrical attacks on security chip

Researchers break encryption with electrical attacks on security chip

When the Olsen gang makes a cunning coup, it usually happens by cutting the power so the alarm doesn’t go off. A similar principle was used by some German security researchers to break into and take control of an American AMD security chip.

By breaking the voltage, it is possible to recover encryption keys and control this ubiquitous processor from AMD, which is used to precisely protect against leaks and hacker attacks from virtual machines.

This is what researchers from the Technical University of Berlin and the Fraunhofer Institute have shown New study recently published.

The security processor is known as AMD Secure Encrypted Virtualization (SEV), and it has the task of increasing the security of virtual machines running in unsecured environments by encrypting memory.

“By manipulating the voltage, we can cause a ROM error on the AMD-SP (security chip, editor’s note), giving us complete control over the root of the trust,” the researchers wrote in the scientific article.

A root of trust is the term for a device that can always be trusted in an encryption system. The security chip is a small Arm Cortex-A5 chip that serves as a root of trust for AMD EPYC CPUs, which are particularly used in data centers.

Code short circuit

This isn’t the first time that security researchers or malicious attackers have used voltage as a way to break into processors.

In fact, the term ‘voltage fault’, i.e. voltage fault, is a well known and simple concept. Even a very short fluctuation in voltage can interfere with the way program code is set up in the processor. If you do it correctly, you can skip a part of the program code where approval in the form of a PIN code or similar is required.

See also  Security researchers: Nearly half of cell phones have vulnerabilities that make it possible to listen to conversations

British security researchers showed a year and a half ago A similar vulnerability in Intel. Intel’s Software Protection Extensions (SGX) technology integrity could have been destroyed by controlling processor voltage while performing area calculations.

ARM’s instruction sets were hacked in the same way, as with older versions of Microsoft Xbox 360 and Sony PlayStation 3. The way to resist this type of attack is to be able to detect changes in voltage.

Requires physical access

Although it sounds simple, it is still relatively limited the number of actual examples of attacks in which voltage has been manipulated.

As readers have discovered, the first prerequisite for this type of attack is physical access to the AMD security chip, so that one can change the voltage and thus control.

Therefore, the risk of the attack is likely to be more limited than if the attack had been done from outside.

But the AMD Secure Encrypted Virtualization (SEV) security chip is specifically designed to prevent system administrators or others with physical access to the devices running virtual machines from taking control.

The example shows that when talking about hacking and malicious attacks, they are far from bugs and weaknesses in the program code that can be changed at will.

If a malicious hacker finds an error, it can be fixed with a software update. But this is not always possible when physical devices are the target of the attack. It became really clear in 2018, when researchers identified two vulnerabilities that were called “Meltdown” and “Spectre”.

They are found in most modern CPUs and take advantage of the fact that by using perfectly legal instructions provided by the CPU, one can read from the “secret” part of the system memory. It makes it possible to read passwords and all other forms of privileged information – in short, a malware buffet.

See also  Solar Cells, Renewable Energy | Solar cells on many roofs: recommends battery backup to avoid grid expansion to the value of NOK 70 billion

This article was first published in The engineer.

Hanisi Anenih

Hanisi Anenih

"Web specialist. Lifelong zombie maven. Coffee ninja. Hipster-friendly analyst."

Leave a Reply

Your email address will not be published. Required fields are marked *