- The best small tablets of 2024: Expert tested and reviewed
- I test smart home devices for a living and the smart plug I use for my Christmas tree is $8
- Is your phone infected with Pegasus spyware? This $1 app can check
- Let’s Get Containerized: Simplifying Complexity for Modern Businesses | Docker
- AMD data center chips vulnerable to revealing data through ‘BadRAM’ attack
AMD data center chips vulnerable to revealing data through ‘BadRAM’ attack
AMD’s Secure Encrypted Virtualization (SEV), meant to protect processor memory from prying eyes in virtual machine (VM) environments, can be tricked into giving access to its encrypted memory contents using a test rig costing less than $10, researchers have revealed.
Dubbed “BadRAM” by researchers from the University of Lübeck in Germany, KU Leven in Belgium, and the University of Birmingham in the UK, the proposed attack is conceptually simple as well as cheap: trick the CPU into thinking it has more memory than it really has, using a rogue memory module, and get it to write its supposedly secret memory contents to the “ghost” space.
The researchers achieved this using a test rig anyone could buy, consisting of a Raspberry Pi Pico, costing a few dollars, and a DIMM socket to hold DDR4/5 RAM modules. First, they manipulated the serial presence detect (SPD) chip built into the memory module to misreport the amount of onboard memory when booting up — the “BadRAM” part of the attack.
