Computer scientists at ETH Zurich have developed a novel attack dubbed ‘Ahoi. ‘ This attack exploits vulnerabilities in Intel TDX and AMD SEV-SNP processors to compromise Confidential VMs (CVMs) by manipulating interrupt handling mechanisms.
Their research, summarized in a dedicated page and detailed in this technical paper, reveals a gap in the security of processors designed for confidential computing, affecting cloud services by enabling unauthorized data access.
Breaking confidentiality
Public cloud services, like AWS and Google Cloud, use advanced security technologies to protect sensitive data. These services rely on hardware-based security mechanisms provided by AMD and Intel chips.
Researchers at ETH Zurich have identified a vulnerability in the security mechanisms of these chips, posing a risk to confidential computing in cloud services. Confidential computing is a method that protects sensitive data during processing by isolating it in a secure area of the cloud, away from other users and even the cloud provider.
The vulnerability exploits the interrupt mechanism and hypervisor software. Interrupts are signals that temporarily disrupt the regular computing processes to handle another task. A total of 256 different interrupts can trigger specific programming commands. The researchers showed that it's possible to manipulate these interrupts to access data stored in the memories of other active cloud users on the same hardware.
Based on these findings, the researchers developed attacks named Ahoi and WeSee. Ahoi attacks involve sending coordinated interrupts to exploit the hypervisor and gain root access to the system. WeSee attacks, specific to AMD hardware, exploit a communication mechanism between the TEE (Trusted Execution Environment) and the hypervisor, leading to data leaks and unauthorized code execution.
The following video provides an easier-to-digest explanation of how the Ahoi attacks work.
Impact and fixing
The vulnerability was found to be more prevalent in AMD's confidential computing setup, with several interrupt vulnerabilities available. Intel, on the other hand, had fewer vulnerabilities. While both companies have started addressing these security gaps, the progress in addressing the flaws is still at an early stage.
For optimal protection, Intel TDX users are advised to apply Linux kernel patches that block external int 0x80 injections, while AMD SEV-SNP users should disable x86 emulation. As of April 4, 2024, there's no comprehensive fix for AMD against signal attacks, and no software supports using AMD's protected interrupt delivery feature.
Cloud providers Azure, Google, and AWS have been informed accordingly, with Azure stating their services are not vulnerable due to their specific configurations preventing the attacks.
Trojanized NordVPN Installer Pushed via Microsoft Bing Campaign
Leave a Reply