Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Researchers prove physical attacks expose weaknesses in CPU “trusted e...
When failure is not an option
Psst… know anyone interested in selling his/her identity?
Do identity security management adapt with better AI adoption and gove...
Cyberattack in Japan brews industry trouble, halts major beer producti...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      When failure is not an option

      When failure is not an option

      Tuesday, October 7, 2025, 12:02 PM Asia/Singapore | Features, Newsletter
    • Featured

      Psst… know anyone interested in selling his/her identity?

      Psst… know anyone interested in selling his/her identity?

      Tuesday, October 7, 2025, 10:30 AM Asia/Singapore | Features
    • Featured

      Fragmented data, fractured trust

      Fragmented data, fractured trust

      Tuesday, September 30, 2025, 3:09 PM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning

Select Page

News

Researchers prove physical attacks expose weaknesses in CPU “trusted execution environments”

By CybersecAsia editors | Tuesday, October 7, 2025, 2:10 PM Asia/Singapore

Researchers prove physical attacks expose weaknesses in CPU “trusted execution environments”

Exposed flaws in trusted execution environments prompt urgent reworking of security strategies in cloud-based software apps and infrastructures.

Security researchers have exposed new vulnerabilities that severely undermine the so-called trusted execution environments (TEEs) of the computer processors (central processing units or CPUs) of two manufacturers.

These TEEs, which are foundational to modern cloud and network security protocols, are embedded in CPUs from AMD and Intel, and they handle sensitive operations within encrypted zones to defend against unauthorized access in social media chat apps and cloud collaboration software.

On 30 September 2025, researchers unveiled two physical attacks, named “Battering RAM” and “Wiretap”, that circumvent TEE defenses. Both attacks exploit a critical design flaw: deterministic encryption, which generates identical ciphertext from identical plaintext at a given memory address.

By physically inserting a tiny device called an “interposer” between the processor and memory module, attackers can monitor and manipulate encrypted data as it travels within the system:

  • Battering RAM not only allows decryption of protected information but also permits injection of malicious payloads or the destruction of critical processes, potentially letting attackers place backdoors or corrupt authenticated data.
  • Wiretap operates covertly to passively decrypt streamed data without alerting existing security monitors.

A key point highlighted by both chipmakers is that their official threat models do not account for direct physical access to hardware, meaning such scenarios are excluded from their security guarantees. Nevertheless, industry feedback and online commentary emphasize that disregard for physical attacks is risky. One Reddit user has noted: When it comes to hardware security, “physical access equates to game over.”

With this threat development, organizations relying on TEEs will need to reconsider their risk profiles and defense assumptions, particularly for systems placed in potentially vulnerable locations such as third-party data centers. As the research makes clear, comprehensive security strategies must encompass not just remote attacks but also threats arising from direct hardware compromise.

Both chipmakers have published advisories / disclaimers for these hardware cracks.


Share:

PreviousWhen failure is not an option

Related Posts

APAC facing AI cyber-attack onslaught 

APAC facing AI cyber-attack onslaught 

Thursday, February 20, 2025

Four key insights to boost your cybersecurity stance

Four key insights to boost your cybersecurity stance

Monday, June 28, 2021

A cyber resilience primer: Part 2

A cyber resilience primer: Part 2

Thursday, November 9, 2023

E-shoppers, get ready for Amazon Prime Day scams and phishing traps!

Get ready for Amazon Prime Day scams and phishing traps, e-shoppers!

Friday, June 18, 2021

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • HOSTWAY gains 73% operational efficiency for private cloud operations  

    HOSTWAY gains 73% operational efficiency for private cloud operations  

    With NetApp storage solutions, the Korean managed cloud service provider offers a lean, intelligent architecture, …Read more
  • CISOs can navigate emerging risks from autonomous AI with a new security framework

    CISOs can navigate emerging risks from autonomous AI with a new security framework

    See how security leaders can adopt layered strategies addressing intent, governance, and oversight to manage …Read more
  • MoneyMe strengthens fraud prevention and credit decisioning

    MoneyMe strengthens fraud prevention and credit decisioning

    Australian fintech strengthens risk management with SEON to scale lending operations securely and efficiently.Read more
  • PT Kereta Api Indonesia announces nationwide email and communication overhaul

    PT Kereta Api Indonesia announces nationwide email and communication overhaul

    The state railway operator’s upgraded email system improves privacy, operational reliability, and regulatory alignment for …Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.