A collaborative team of academic researchers from Georgia Tech, Purdue University, and Synkhronix has disclosed a new side-channel attack named TEE.Fail. This attack successfully extracts secrets from the trusted execution environment (TEE) of modern computer processors. The research specifically demonstrates the compromise of security features within both Intel and AMD CPUs, challenging the integrity of secure enclaves designed to protect sensitive data even from privileged software.

Understanding the Attack Vector

The core of the TEE.Fail attack is a physical method involving a custom-built interposition device. This device, constructed from off-the-shelf electronic components costing under $1,000, is engineered to physically inspect all memory traffic within a DDR5 server. By intercepting and analyzing this traffic as it travels between the CPU and system memory, the researchers gained direct access to data that is intended to be protected by the TEE’s encryption mechanisms.

Demonstrated Impact on Secure Enclaves

The research confirmed the attack’s effectiveness against several prominent TEE technologies. These include Intel’s Software Guard eXtensions (SGX) and Trust Domain Extensions (TDX), as well as AMD’s Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) and Ciphertext Hiding. On an informational site, the researchers noted, “This allows us for the first time to extract cryptographic keys from Intel TDX and AMD SEV-SNP with Ciphertext Hiding, including in some cases secret attestation keys from fully updated machines in trusted status.” This statement confirms the extraction of highly sensitive cryptographic material from systems that were fully patched and considered secure. The attack’s success highlights a critical vulnerability at the hardware level.

Source: https://thehackernews.com/2025/10/new-teefail-side-channel-attack.html