Exposed flaws in trusted execution environments prompt urgent reworking of security strategies in cloud-based software apps and infrastructures.
Security researchers have disclosed new vulnerabilities that severely undermine the trusted execution environments (TEEs) built into central processing units (CPUs) from two manufacturers.
These TEEs, embedded in CPUs from AMD and Intel and foundational to modern cloud and network security, handle sensitive operations inside encrypted memory regions to defend against unauthorized access, for example in social media chat apps and cloud collaboration software.
On 30 September 2025, researchers unveiled two physical attacks, named “Battering RAM” and “Wiretap”, that circumvent TEE defenses. Both attacks exploit a critical design flaw: deterministic encryption, which generates identical ciphertext from identical plaintext at a given memory address.
By physically inserting a tiny device called an “interposer” between the processor and memory module, attackers can monitor and manipulate encrypted data as it travels within the system:
- Battering RAM not only allows decryption of protected information but also permits injection of malicious payloads or the destruction of critical processes, potentially letting attackers place backdoors or corrupt authenticated data.
- Wiretap operates covertly to passively decrypt streamed data without alerting existing security monitors.
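To make the deterministic-encryption weakness concrete, here is an added toy simulation (not code from the researchers, AMD or Intel) that contrasts an address-tweaked deterministic mode with a randomized, authenticated one: the keystream function, key and memory line values are constructed stand-ins, and the point is how the tweak inputs decide whether equal writes are distinguishable and whether a stale line is detected.

```python
import hashlib, hmac, os

KEY = b"constructed-demo-key-do-not-use"  # constructed key, toy only

def _keystream(addr: int, nonce: bytes, n: int) -> bytes:
    # Toy PRF keystream standing in for the real memory cipher (assumption).
    return hashlib.sha256(KEY + addr.to_bytes(8, "big") + nonce).digest()[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _tag(addr: int, counter: int, nonce: bytes, ct: bytes) -> bytes:
    msg = addr.to_bytes(8, "big") + counter.to_bytes(8, "big") + nonce + ct
    return hmac.new(KEY, msg, "sha256").digest()

def det_encrypt(addr: int, pt: bytes) -> bytes:
    # Deterministic: tweak is the address alone, so equal plaintext at the same
    # address always yields equal ciphertext, with no freshness and no integrity.
    return _xor(pt, _keystream(addr, b"", len(pt)))

det_decrypt = det_encrypt  # XOR keystream: decryption is the same operation

def auth_encrypt(addr: int, counter: int, pt: bytes):
    # Randomized and authenticated: a fresh nonce hides equal writes and the tag
    # binds the line to (address, write counter), so a stale line fails to verify.
    nonce = os.urandom(12)
    ct = _xor(pt, _keystream(addr, nonce, len(pt)))
    return nonce, ct, _tag(addr, counter, nonce, ct)

def auth_decrypt(addr: int, counter: int, nonce: bytes, ct: bytes, tag: bytes) -> bytes:
    if not hmac.compare_digest(_tag(addr, counter, nonce, ct), tag):
        raise ValueError("replayed or tampered memory line")
    return _xor(ct, _keystream(addr, nonce, len(ct)))

def demo() -> dict:
    addr, old = 0x1000, b"balance=100"
    # Deterministic: repeated writes of one value are identical on the bus, and a
    # captured old line written back over a newer one decrypts to the old value.
    c_old, c_old_again = det_encrypt(addr, old), det_encrypt(addr, old)
    rolled_back = det_decrypt(addr, c_old) == old
    # Authenticated: equal writes differ, and a stale line is rejected on read.
    n1, a1, t1 = auth_encrypt(addr, 1, old)
    _, a2, _ = auth_encrypt(addr, 1, old)
    try:
        auth_decrypt(addr, 2, n1, a1, t1)  # reader expects write counter 2 now
        replay_detected = False
    except ValueError:
        replay_detected = True
    return {"det_equal": c_old == c_old_again, "det_rollback": rolled_back,
            "auth_equal": a1 == a2, "auth_replay_detected": replay_detected}
```

The real engines use block ciphers rather than a hash-derived keystream, but the defensive lesson is the same: freshness and integrity, not just confidentiality, are what stop a bus observer from recognising or replaying lines.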
A key point highlighted by both chipmakers is that their official threat models do not account for direct physical access to hardware, meaning such scenarios are excluded from their security guarantees. Nevertheless, industry feedback and online commentary emphasize that disregarding physical attacks is risky. One Reddit user noted that, when it comes to hardware security, “physical access equates to game over.”
In light of these findings, organizations relying on TEEs will need to reconsider their risk profiles and defense assumptions, particularly for systems placed in potentially vulnerable locations such as third-party data centers. As the research makes clear, comprehensive security strategies must encompass not just remote attacks but also threats arising from direct hardware compromise.
Both chipmakers have published advisories, including disclaimers, for these hardware attacks.