Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
SINGAPORE HOSTED THE 5TH COUNTER RANSOMWARE INITIATIVE SUMMIT
Zero click vulnerability found within a day in new AI-powered browser
ASEAN and Japan Unite Against Cyber Threats: the 2nd AJCCA Conference ...
HanchorBio’s Novel CD47-SIRPα Therapeutic HCB101 Accepted for Pu...
ViewQwest partners with Zero Networks to deliver automated microsegmen...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      Collaboration and data security for today’s agentic workspace

      Collaboration and data security for today’s agentic workspace

      Wednesday, October 22, 2025, 1:42 PM Asia/Singapore | Features, Newsletter, Tips
    • Featured

      The AI paradox in cybersecurity

      The AI paradox in cybersecurity

      Wednesday, October 15, 2025, 11:24 AM Asia/Singapore | Features, Newsletter
    • Featured

      Addressing Asia Pacific’s rising insider threats

      Addressing Asia Pacific’s rising insider threats

      Wednesday, October 15, 2025, 10:18 AM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning

Select Page

News

Researchers prove physical attacks expose weaknesses in CPU “trusted execution environments”

By CybersecAsia editors | Tuesday, October 7, 2025, 2:10 PM Asia/Singapore

Researchers prove physical attacks expose weaknesses in CPU “trusted execution environments”

Exposed flaws in trusted execution environments prompt urgent reworking of security strategies in cloud-based software apps and infrastructures.

Security researchers have exposed new vulnerabilities that severely undermine the so-called trusted execution environments (TEEs) of the computer processors (central processing units or CPUs) of two manufacturers.

These TEEs, which are foundational to modern cloud and network security protocols, are embedded in CPUs from AMD and Intel, and they handle sensitive operations within encrypted zones to defend against unauthorized access in social media chat apps and cloud collaboration software.

On 30 September 2025, researchers unveiled two physical attacks, named “Battering RAM” and “Wiretap”, that circumvent TEE defenses. Both attacks exploit a critical design flaw: deterministic encryption, which generates identical ciphertext from identical plaintext at a given memory address.

By physically inserting a tiny device called an “interposer” between the processor and memory module, attackers can monitor and manipulate encrypted data as it travels within the system:

  • Battering RAM not only allows decryption of protected information but also permits injection of malicious payloads or the destruction of critical processes, potentially letting attackers place backdoors or corrupt authenticated data.
  • Wiretap operates covertly to passively decrypt streamed data without alerting existing security monitors.

A key point highlighted by both chipmakers is that their official threat models do not account for direct physical access to hardware, meaning such scenarios are excluded from their security guarantees. Nevertheless, industry feedback and online commentary emphasize that disregard for physical attacks is risky. One Reddit user has noted: When it comes to hardware security, “physical access equates to game over.”

With this threat development, organizations relying on TEEs will need to reconsider their risk profiles and defense assumptions, particularly for systems placed in potentially vulnerable locations such as third-party data centers. As the research makes clear, comprehensive security strategies must encompass not just remote attacks but also threats arising from direct hardware compromise.

Both chipmakers have published advisories / disclaimers for these hardware cracks.


Share:

PreviousPsst… know anyone interested in selling his/her identity?
NextAugust CVE with severity of 9.8 vulnerability amplified by ransomware group

Related Posts

Q2/Q3 ransomware threat report measures extent of new cyber threats

Q2/Q3 ransomware threat report measures extent of new cyber threats

Friday, October 21, 2022

List of 10 brands most abused in phishing campaigns for Q1 2024

List of 10 brands most abused in phishing campaigns for Q1 2024

Tuesday, May 14, 2024

Growing shared economy in cybercriminal underground: threat report

Growing shared economy in cybercriminal underground: threat report

Thursday, February 17, 2022

DMARC protects bank customers, but is it implemented correctly?

DMARC protects bank customers, but is it implemented correctly?

Friday, August 11, 2023

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • HOSTWAY gains 73% operational efficiency for private cloud operations  

    HOSTWAY gains 73% operational efficiency for private cloud operations  

    With NetApp storage solutions, the Korean managed cloud service provider offers a lean, intelligent architecture, …Read more
  • CISOs can navigate emerging risks from autonomous AI with a new security framework

    CISOs can navigate emerging risks from autonomous AI with a new security framework

    See how security leaders can adopt layered strategies addressing intent, governance, and oversight to manage …Read more
  • MoneyMe strengthens fraud prevention and credit decisioning

    MoneyMe strengthens fraud prevention and credit decisioning

    Australian fintech strengthens risk management with SEON to scale lending operations securely and efficiently.Read more
  • PT Kereta Api Indonesia announces nationwide email and communication overhaul

    PT Kereta Api Indonesia announces nationwide email and communication overhaul

    The state railway operator’s upgraded email system improves privacy, operational reliability, and regulatory alignment for …Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.