Battering RAM: A New Hardware Attack Targeting AMD and Intel Systems

Academic researchers have revealed a new hardware-based attack called Battering RAM, capable of bypassing security protections on AMD and Intel processors. While both chipmakers acknowledge the findings, they downplay the risk, citing the requirement for physical access to the targeted system. The attack highlights the ongoing challenge of protecting sensitive data in cloud environments.

From BadRAM to Battering RAM

This discovery follows the team’s earlier BadRAM research, which showed how $10 worth of equipment could undermine AMD’s trusted execution environment. The new Battering RAM attack builds on those findings, targeting modern defenses in cloud processors.

The attack is particularly concerning because it compromises Intel SGX (Software Guard Extensions) and AMD SEV-SNP (Secure Encrypted Virtualization – Secure Nested Paging). These technologies are widely used in cloud computing to ensure confidential data remains protected, even from insiders with privileged access.

How the Attack Works

• The Interposer Device: Researchers built a small hardware device called an interposer, placed between the CPU and DRAM memory module.

• Cost and Stealth: The device cost only $50 to construct and attaches directly to the DIMM, staying invisible during normal operation.

• Triggering the Attack: With a simple switch, the interposer redirects protected memory addresses to attacker-controlled locations.

The result: encryption and boot-time defenses are bypassed, giving attackers plaintext access to SGX-protected memory and undermining SEV’s attestation on fully patched systems.

Potential Threat Scenarios

While physical access is required, the researchers argue that attackers may only need brief access to execute the attack. Possible scenarios include:

• Rogue insiders such as cloud administrators or data center technicians.

• Supply chain tampering during manufacturing or shipping of memory modules.

• Government or law enforcement access to seized devices.

Currently, the interposer works only with DDR4 memory, but researchers warn the same flaw could eventually be exploited against DDR5, since the root issue remains unresolved.

Industry Response

Both Intel and AMD were notified in February 2025 and released advisories when the research became public. Their stance is that physical-access attacks are outside the scope of their security threat models.

• Intel’s Mitigation: Some Xeon processors include Total Memory Encryption – Multi-Key (TME-MK), which offers stronger resistance. Intel also recommends robust physical protection of systems.

• AMD’s Position: The company acknowledged the findings but similarly emphasized that physical-access scenarios fall beyond expected protections.

Importantly, researchers confirm that no software or firmware updates can fully mitigate this vulnerability.

Conclusion

Battering RAM demonstrates the inherent limits of current memory encryption technologies when attackers gain physical access. While the average user is unlikely to be affected, the research underscores risks in cloud environments and supply chains where devices may be vulnerable before reaching end-users. For organizations handling sensitive workloads, physical security remains as crucial as digital safeguards.