Cheap Hardware Hacks Just Broke Intel and AMD’s Trusted Enclaves. That’s a Huge Problem for Cloud Security


Cloud apps like Signal, WhatsApp, and even blockchain systems trust something called a Trusted Execution Environment (TEE) to keep sensitive data safe. But this week, researchers cracked open those defenses — using tools you could buy for less than $50.

Let’s talk about what’s at stake, how these attacks work, and why chipmakers like Intel and AMD might need a hardware rethink.


What are TEEs and why should you care?


Trusted Execution Environments (TEEs) are a kind of secure space inside your computer’s processor. When you’re running a security-critical task, like end-to-end encrypted messaging, banking, or executing a smart contract on a blockchain, that process can be tucked away in a TEE — isolated from the rest of the system, even if the operating system is compromised.

Intel’s version is called SGX. AMD’s is SEV-SNP. They’ve been sold as critical safeguards for cloud workloads and widely adopted by cloud services.

But here’s the kicker: the memory encryption these TEEs depend on is predictable. The same data written to the same location always produces the same ciphertext.

That’s where the trouble begins.


Two different attacks, same bottom line

On Tuesday, two teams of researchers revealed separate methods that completely undermine these TEEs — and they did it using physical attacks. Meet Battering RAM and Wiretap.

1. Battering RAM: Decryption on a shoestring budget

  • Works against both Intel SGX and AMD SEV-SNP
  • Uses hardware that costs under $50
  • Allows both reading and writing of encrypted data


Battering RAM uses a small piece of hardware called an interposer. Installed physically between the CPU and the memory chips (for instance by tampering with the hardware somewhere in the supply chain), it watches the data travelling back and forth. Because SGX and SEV-SNP use deterministic encryption — the same inputs always produce the same encrypted output — this opens the system up to “replay attacks.”

By cleverly duplicating where data is written in memory, the attacker can grab encrypted data, then replay it later in a way that the enclave happily decrypts and accepts as valid.

For Intel’s SGX, this means attackers can extract secret encryption keys or even implant backdoor software. On AMD’s side, Battering RAM can trick the system into thinking it’s seeing a certified, totally legit virtual machine — when it’s really one that’s been tampered with.

2. Wiretap: More expensive, more discreet

  • Targets Intel SGX using DDR4 memory
  • Only reads encrypted data (can’t write or modify)
  • Hardware costs between $500 and $1,000


Wiretap is more like a crafty eavesdropper. Because the encryption is deterministic, it can compare the encrypted blocks it captures against a dictionary of the encrypted forms of known, guessable values, revealing sensitive data one word at a time. Think of it like decrypting an encrypted sentence if you already know all the possible words that might appear.

By doing this, Wiretap was able to recover cryptographic keys used by SGX. That’s a big deal because it breaks “remote attestation”, the process a remote party uses to verify that a program is both legitimate and untampered.

That’s the same feature used by many cloud-based blockchain systems to keep contracts private and trustworthy.


Blockchain services: still trusting the broken lock

Interestingly, some projects never got the memo that physical attacks were outside the threat model of TEEs.

Take Phala, for example — a privacy-focused blockchain that executes smart contracts inside SGX, AMD SEV-SNP, or Arm’s TrustZone. The idea is that no node in the network can peek into the contract, keeping things confidential.

But Wiretap blew right through that.

Researchers set up a local test version of Phala’s system. Then, with access to SGX’s attestation key — obtained through Wiretap — they were able to trick the system into handing over the master keys. That gave them the power to decrypt every single contract on the network.

Similar bypasses worked against Secret Network, Crust, and IntegriTEE. After researchers informed the companies, some raced to add mitigations.


Why deterministic encryption is the weak link


Both attacks point the finger at the same design flaw: deterministic encryption.

Because the same data always creates the same encrypted output, an attacker watching memory traffic can tell when a value repeats, match it against known values, and replay old ciphertext without ever learning the key. The chipmakers defend this choice by arguing it’s necessary for performance and scalability — especially when encrypting huge amounts of RAM in servers.
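As an added illustration (not code from this article or from either research team), here is a toy Python model of the property the Wiretap section and this one both rely on: with a deterministic, address-tweaked cipher, an observer on the memory bus who can get known values written to an address can build a ciphertext dictionary and recognise the victim’s data when it reappears, while a nonce-randomised tweak defeats that lookup. The HMAC-keyed Feistel cipher, block size and addresses are constructed stand-ins, not the real memory-encryption engine.

```python
"""Toy model (constructed for this article, not the real memory-encryption
engine): a 4-round HMAC-keyed Feistel cipher over 16-byte memory blocks."""
import hashlib
import hmac
import os

BLOCK, HALF, ROUNDS = 16, 8, 4

def _f(key: bytes, tweak: bytes, half: bytes, rnd: int) -> bytes:
    # Round function: keyed PRF over (tweak, round index, half-block).
    return hmac.new(key, tweak + bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]

def encrypt_block(key: bytes, tweak: bytes, block: bytes) -> bytes:
    # Balanced Feistel network; the tweak binds the ciphertext to a context.
    l, r = block[:HALF], block[HALF:]
    for rnd in range(ROUNDS):
        l, r = r, bytes(x ^ y for x, y in zip(l, _f(key, tweak, r, rnd)))
    return l + r

def write_deterministic(key: bytes, addr: int, block: bytes) -> bytes:
    # Tweak is only the address: same value at same address -> same bus bytes.
    return encrypt_block(key, addr.to_bytes(8, "big"), block)

def write_randomized(key: bytes, addr: int, block: bytes) -> bytes:
    # A fresh nonce joins the tweak and travels with the ciphertext, so every
    # write of the same value looks different on the bus.
    nonce = os.urandom(8)
    return nonce + encrypt_block(key, addr.to_bytes(8, "big") + nonce, block)

def dictionary_attack(key: bytes, write, addr: int, candidates, secret: bytes):
    """Passive bus observer (Wiretap-style). Phase 1: get the enclave to write
    each guessable value and record the ciphertext seen for that address.
    Phase 2: watch the victim's write of the secret and look it up."""
    table = {write(key, addr, c): c for c in candidates}
    seen_on_bus = write(key, addr, secret)   # the observer never sees the key
    return table.get(seen_on_bus)            # None if no ciphertext matches

def demo():
    key = os.urandom(32)                     # enclave's memory key, unknown to observer
    pad = lambda w: w.ljust(BLOCK, b"\0")
    candidates = [pad(w) for w in (b"alice", b"bob", b"carol", b"dave")]
    secret = pad(b"carol")                   # constructed sample value
    det = dictionary_attack(key, write_deterministic, 0x1000, candidates, secret)
    rnd = dictionary_attack(key, write_randomized, 0x1000, candidates, secret)
    return det, rnd                          # -> (padded b"carol", None)
```

Randomising the tweak defeats the lookup above, but on its own it does not stop a Battering RAM style replay: a captured nonce-plus-ciphertext pair written back later still decrypts to the old value unless the memory encryption also checks freshness, for example with a counter or an integrity tree.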

But as Daniel Genkin, one of the Wiretap researchers, put it: “It offers better performance at the expense of security.”

Intel and AMD both say their TEEs aren’t meant to defend against physical attacks — and technically, that’s true. But today’s cloud systems clearly still trust them for much more than that.


So what now?

Fixing this isn’t as simple as a software patch. It likely requires changes down at the hardware level — replacing deterministic encryption with something stronger, like probabilistic encryption, which makes the same input encrypt differently each time.

But that would need to scale well to large memory sizes without ruining performance — a serious challenge.

In the meantime, there’s a hard truth we’re all going to have to sit with: the foundations of cloud data privacy aren’t as solid as we thought. And if low-cost hardware can shatter those guarantees, it might be time for tech companies to rethink what counts as “secure.”


Key Takeaways:

  • Both Intel SGX and AMD SEV-SNP can be bypassed with cheap hardware attacks
  • Battering RAM allows active tampering with encrypted data
  • Wiretap enables passive decryption and access to private blockchain keys
  • Physical attacks lie outside chipmakers’ official threat model
  • But many cloud systems still trust TEEs with their most sensitive operations
  • Real fix may require redesigning encryption at the hardware level

That’s where things stand today. If your system relies on TEEs, maybe double-check it doesn’t assume they’re invincible. Because they’re not.
