The team at Technische Universität Berlin has devised an attack that defeats the system of protecting the data in virtual machines from rogue administrators in cloud environments.
In a paper with the Lord of the Rings-inspired title "One Glitch to Rule Them All: Fault Injection Attacks Against AMD's Secure Encrypted Virtualisation", Robert Buhren, Hans Niklas Jacob, Thilo Krachenfels, and Jean-Pierre Seifert from TU Berlin's Security in Telecommunications group spill the beans on how they mounted a voltage fault injection attack.
This shocking method allowed them to recover secret encryption keys and execute arbitrary code on all AMD chips with Secure Processors (SP).
"By manipulating the input voltage to AMD systems on a chip (SoCs), we induce an error in the read-only memory (ROM) bootloader of the AMD-SP, allowing us to gain full control over this root-of-trust", the researchers explain in their paper.
The attack was inspired by a separate cunning plan, dubbed Voltpillager, used to defeat Intel's Software Guard Extensions (SGX), a similar secure enclave system for x86 microarchitecture.
To carry out the attack, all they needed were off-the-shelf components, including a $30 microcontroller and a $12 flash programmer. Non-material prerequisites pose more of a challenge – they include insider access at a cloud company, an opportunity to attach wires to the server motherboard without arousing suspicion, and some technical proficiency.