Concise Cyber


Researchers Bypass Intel and AMD Memory Encryption With Low-Cost Hardware Attack

Cybersecurity researchers from the University of Birmingham and KU Leuven have successfully demonstrated a hardware-based attack that bypasses the memory encryption protections of both Intel and AMD processors. The attack, named Collide+Power, utilizes a low-cost, off-the-shelf hardware module to defeat protections designed to secure data while it is in use.

The research, presented at the USENIX Security Symposium, targets Intel’s Software Guard Extensions (SGX) and AMD’s Secure Encrypted Virtualization (SEV). These technologies are central to confidential computing, providing encrypted memory enclaves to protect sensitive code and data even from a privileged system administrator. However, this new attack method demonstrates a vulnerability when an adversary has physical access to the target machine’s memory modules.

The “Collide+Power” Attack Method

The attack requires an adversary to physically insert a Field Programmable Gate Array (FPGA) module into a DIMM slot on the target system’s motherboard. This device sits between the CPU and the DRAM memory module, allowing it to intercept and manipulate communications. The core of the Collide+Power attack involves a technique known as voltage glitching. By carefully manipulating the voltage supplied to the DRAM chips, the researchers induced bit flips, or data corruption, within the encrypted memory.

By observing the system’s power consumption during these induced faults, the researchers were able to conduct a power side-channel analysis. This analysis allowed them to reconstruct the secret data that was being processed inside the supposedly secure memory enclaves. The entire process was accomplished using readily available hardware components.

Successful Data Extraction and Vendor Response

Using the Collide+Power technique, the research team successfully extracted a full AES-256 encryption key from a running Intel SGX enclave. In a separate demonstration, they also recovered an RSA private key from a virtual machine that was protected by AMD SEV. These successful extractions prove the practical viability of the attack against both major CPU manufacturers’ memory encryption technologies.

Both Intel and AMD were notified of the findings. In a statement, Intel noted that SGX is being deprecated on newer client CPUs and that its successor technology, Trust Domain Extensions (TDX), includes additional protections. AMD acknowledged the research and reiterated that its security architectures depend on platforms with robust physical security measures in place.