Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

New CounterSEVeillance and TDXDown Attacks Target AMD and Intel TEEs

Intel and AMD respond to new attack methods named TDXDown and CounterSEVeillance that can be used against TDX and SEV technology.

Trusted execution environment (TEE) vulnerabilities

Security researchers continue to find ways to attack Intel and AMD processors, and the chip giants over the past week have issued responses to separate research targeting their products.

The research projects were aimed at Intel and AMD trusted execution environments (TEEs), which are designed to protect code and data by isolating the protected application or virtual machine (VM) from the operating system and other software running on the same physical system. 

On Monday, a team of researchers representing the Graz University of Technology in Austria, the Fraunhofer Institute for Secure Information Technology (SIT) in Germany, and Fraunhofer Austria Research published a paper describing a new attack method targeting AMD processors. 

The attack method, named CounterSEVeillance, targets AMD’s Secure Encrypted Virtualization (SEV) TEE, specifically the SEV-SNP extension, which is designed to provide protection for confidential VMs even when they are running in a shared hosting environment. 

CounterSEVeillance is a side-channel attack targeting performance counters, which are used to count certain types of hardware events (such as instructions executed and cache misses) and which can aid in the identification of application bottlenecks, excessive resource consumption, and even attacks. 

CounterSEVeillance also leverages single-stepping, a technique that can allow threat actors to observe the execution of a TEE instruction by instruction, enabling side-channel attacks and exposing potentially sensitive information. 

“By single-stepping a confidential virtual machine and reading hardware performance counters after each step, a malicious hypervisor can observe the outcomes of secret-dependent conditional branches and the duration of secret-dependent divisions,” the researchers explained.

They demonstrated the impact of CounterSEVeillance by extracting a full RSA-4096 key from a single Mbed TLS signature process in minutes, and by recovering a six-digit time-based one-time password (TOTP) with roughly 30 guesses. They also showed that the method can be used to leak the secret key from which the TOTPs are derived, and for plaintext-checking attacks

Advertisement. Scroll to continue reading.

Conducting a CounterSEVeillance attack requires high-privileged access to the machines that host hardware-isolated VMs — these VMs are known as trust domains (TDs). The most obvious attacker would be the cloud service provider itself, but attacks could also be conducted by a state-sponsored threat actor (particularly in its own country), or other well-funded hackers that can obtain the necessary access.

“For our attack scenario, the cloud provider runs a modified hypervisor on the host. The attacked confidential virtual machine runs as a guest under the modified hypervisor,” explained Stefan Gast, one of the researchers involved in this project. 

“Attacks from untrusted hypervisors running on the host are exactly what technologies like AMD SEV or Intel TDX are trying to prevent,” the researcher noted.

Gast told SecurityWeek that in principle their threat model is very similar to that of the recent TDXDown attack, which targets Intel’s Trust Domain Extensions (TDX) TEE technology.

The TDXDown attack method was disclosed last week by researchers from the University of Lübeck in Germany.

Intel TDX includes a dedicated mechanism to mitigate single-stepping attacks. With the TDXDown attack, researchers showed how flaws in this mitigation mechanism can be leveraged to bypass the protection and conduct single-stepping attacks. Combining this with another flaw, named StumbleStepping, the researchers managed to recover ECDSA keys.

Response from AMD and Intel

In an advisory published on Monday, AMD said performance counters are not protected by SEV, SEV-ES, or SEV-SNP.  

“AMD recommends software developers employ existing best practices, including avoiding secret-dependent data accesses or control flows where appropriate to help mitigate this potential vulnerability,” the company said.

It added, “AMD has defined support for performance counter virtualization in APM Vol 2, section 15.39.  PMC virtualization, planned for availability on AMD products starting with Zen 5, is designed to protect performance counters from the type of monitoring described by the researchers.”

Intel has updated TDX to address the TDXDown attack, but considers it a ‘low severity’ issue and has pointed out that it “represents very little risk in real world environments”. The company has assigned it CVE-2024-27457.

As for StumbleStepping, Intel said it “does not consider this technique to be in the scope of the defense-in-depth mechanisms” and decided not to assign it a CVE identifier. 

Related: New TikTag Attack Targets Arm CPU Security Feature 

Related: GhostWrite Vulnerability Facilitates Attacks on Devices With RISC-V CPU

Related: Researchers Resurrect Spectre v2 Attack Against Intel CPUs

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Jared Bartel has been named CISO at Idaho State University.

Automated phishing protection and scam prevention company Bolster has appointed Rod Schultz as CEO.

Bugcrowd has appointed Trey Ford as CISO for the Americas.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.