CounterSEVeillance and TDXDown: Unmasking Hidden Threats in Secure Enclaves
Cybersecurity researchers have recently uncovered a series of vulnerabilities in the Trusted Execution Environments (TEEs) of AMD and Intel processors. One such attack, dubbed CounterSEVeillance, targets AMD's Secure Encrypted Virtualization (SEV) technology, including the SEV-SNP extension, which is meant to protect confidential virtual machines (VMs) even in shared hosting environments. Researchers from Graz University of Technology and Fraunhofer Institutes presented a technique that uses hardware performance counters as a side channel to observe, instruction by instruction, what a VM executes.
The team demonstrated that CounterSEVeillance can extract an RSA-4096 key in just a few minutes and retrieve time-based one-time passwords (TOTP) in 30 attempts. For the attack to succeed, the adversary needs privileged access to the host machine running the isolated VMs. In a hypothetical attack scenario, the threat could therefore originate from the cloud service provider itself or from government-sponsored hacking groups.
Simultaneously, another attack method, TDXDown, was introduced by researchers from the University of Lübeck. It focuses on bypassing the protection offered by Intel's Trust Domain Extensions (TDX) technology. Despite built-in mechanisms designed to prevent single-stepping attacks, the researchers identified a vulnerability that allows these defenses to be circumvented. They also demonstrated the StumbleStepping method, which successfully recovered ECDSA keys.
Both manufacturers responded swiftly to the discovered attacks. AMD acknowledged that performance counters are not protected by SEV and SEV-SNP and advised developers to avoid secret-dependent control flow. The company also announced plans to virtualize performance counters in its upcoming Zen 5-based products.
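As an added illustration (not code from the article or from either research team), the following Python shows why AMD's advice matters and what the RSA key extraction rests on: a per-step operation count, a toy stand-in for the per-instruction observations an attacker gets from performance counters, is enough to read every exponent bit out of branching square-and-multiply, while a Montgomery ladder performs the same operations on every bit.

```python
# Added example: simulated "operation count per step" side channel.
# The observer model is a toy: it sees only how many modular multiplications
# each loop iteration performed, not real performance-counter readings.

def square_and_multiply(base, exp, mod):
    """Textbook left-to-right exponentiation with a secret-dependent branch.
    Returns (result, trace); trace[i] is the number of modular multiplications
    in step i, which an instruction-counting observer could recover."""
    result, trace = 1, []
    for bit in bin(exp)[2:]:
        ops = 1
        result = result * result % mod
        if bit == "1":                  # branch depends on a secret bit
            result = result * base % mod
            ops += 1
        trace.append(ops)
    return result, trace

def montgomery_ladder(base, exp, mod):
    """Same computation with a fixed operation sequence per bit: exactly one
    multiply and one square every iteration, whatever the bit value.
    Index selection stands in for a constant-time swap; real implementations
    must also avoid secret-dependent memory addressing, which this toy does not."""
    r = [1, base % mod]
    trace = []
    for bit in bin(exp)[2:]:
        b = int(bit)
        r[1 - b] = r[0] * r[1] % mod    # R(1-b) <- R0 * R1
        r[b] = r[b] * r[b] % mod        # Rb     <- Rb^2
        trace.append(2)
    return r[0], trace

def recover_exponent(trace):
    """Observer's reconstruction: a step with two multiplications means a
    1 bit, a step with one means a 0 bit. Correct only for the branching code."""
    return int("".join("1" if ops == 2 else "0" for ops in trace), 2)

if __name__ == "__main__":
    # Constructed toy parameters, not a real key.
    secret_exp, base, mod = 0x9E3779B97F4A7C15, 3, (1 << 61) - 1
    _, leaky = square_and_multiply(base, secret_exp, mod)
    _, flat = montgomery_ladder(base, secret_exp, mod)
    print("branching code leaks exponent:", recover_exponent(leaky) == secret_exp)
    print("ladder trace is uniform:", set(flat) == {2})
```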
Intel, for its part, addressed the TDXDown vulnerability, assigning it the identifier CVE-2024-27457 and noting that the issue poses a low risk under real-world conditions. The StumbleStepping technique, according to Intel, falls outside the threat model of the current protection mechanisms, so no CVE will be assigned to it.
These findings underscore that even the most advanced security technologies are not immune to new attack vectors, highlighting the need for continuous improvement of security mechanisms and the consideration of hidden threats capable of penetrating trusted environments.