Researchers have disclosed the details of a new hardware attack that has been demonstrated against AMD and Intel systems, but the chip giants do not appear concerned as the method requires physical access to the targeted device.
The attack method, named Battering RAM, was discovered by a team of academic researchers representing KU Leuven in Belgium and the University of Birmingham and Durham University in the UK.
The researchers late last year disclosed the details of BadRAM, an attack that used $10 equipment to break AMD’s trusted execution environment protections, enabling attackers to gain access to potentially sensitive information stored in memory.
They have now presented Battering RAM, which can bypass modern defenses delivered by Intel and AMD cloud processors.
According to the researchers, the attack can break Intel SGX and AMD SEV-SNP confidential computing technologies that are widely used by cloud providers and designed to protect sensitive data even from malicious insiders and attackers who have access to the host system.
Battering RAM involves planting a device called an interposer between the CPU and the DRAM memory. The interposer, which the researchers managed to build for only $50, is attached to the DIMM and can sit quietly to avoid detection. However, with the flip of a switch, the device can be enabled to silently redirect protected memory addresses to locations controlled by the attacker.
“Our stealthy interposer bypasses both memory encryption and state-of-the-art boot-time defenses, invisible to the operating system,” the researchers explained. “It enables arbitrary plaintext access to SGX-protected memory, and breaks SEV’s attestation feature on fully patched systems. Ultimately, Battering RAM exposes the limits of today’s scalable memory encryption.”
Conducting a Battering RAM attack requires physical access to the targeted system, but the researchers argue that the attacker only needs access to the device for a short amount of time. They believe that in real world environments such attacks may be conducted by rogue cloud employees, data center technicians, law enforcement, and through supply chain attacks targeting memory modules during manufacturing or shipping.
The researchers noted that the interposer they designed only works against DDR4 memory, but they believe a more advanced interposer may be able to conduct attacks on DDR5 as well due to the underlying issue not being fixed.
Intel and AMD were notified about the findings in February 2025. While both vendors published security advisories on Tuesday, the day the research was published, they both pointed out that attacks requiring physical access to the targeted system are not in scope of their products’ threat model.
Intel pointed out that some of its Xeon processors include a feature named Total Memory Encryption – Multi-Key (TME-MK), which can provide additional protection against such attacks. The vendor also urged customers to ensure the physical protection of devices, including through tools provided by the company.
The researchers confirmed that software or firmware updates cannot patch the vulnerability.
In addition to a paper describing the findings, the experts made public all the technical information needed to build a Battering RAM interposer.
Related: Intel TDX Connect Bridges the CPU-GPU Security Gap
Related: Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia
