- Oura Ring users are refreshing their wearables with this clever design hack
- How I used ChatGPT to analyze my massive Kindle library - and the mysteries it revealed
- Author of the Month: Richard Bingley - IT Governance Blog
- I took this 130-pound power station on an off-grid adventure - here's my buying advice
- Mystery Box Scams Deployed to Steal Credit Card Data
AMD data center chips vulnerable to revealing data through ‘BadRAM’ attack
AMD’s Secure Encrypted Virtualization (SEV), meant to protect processor memory from prying eyes in virtual machine (VM) environments, can be tricked into giving access to its encrypted memory contents using a test rig costing less than $10, researchers have revealed.
Dubbed “BadRAM” by researchers from the University of Lübeck in Germany, KU Leven in Belgium, and the University of Birmingham in the UK, the proposed attack is conceptually simple as well as cheap: trick the CPU into thinking it has more memory than it really has, using a rogue memory module, and get it to write its supposedly secret memory contents to the “ghost” space.
The researchers achieved this using a test rig anyone could buy, consisting of a Raspberry Pi Pico, costing a few dollars, and a DIMM socket to hold DDR4/5 RAM modules. First, they manipulated the serial presence detect (SPD) chip built into the memory module to misreport the amount of onboard memory when booting up — the “BadRAM” part of the attack.
