**Researchers Expose New Supply Chain Threat to Confidential Computing**
At Black Hat Europe this week, security researchers from Belgium’s KU Leuven University revealed a critical vulnerability in confidential computing technologies, demonstrating how a low-cost hardware attack could bypass protections in Intel SGX and AMD SEV.
Confidential computing relies on hardware-based enclaves—such as Intel’s Software Guard Extensions (SGX) and AMD’s Secure Encrypted Virtualization (SEV)—to encrypt and isolate sensitive data in memory, shielding it from privileged attackers and physical threats like cold boot attacks. These technologies are widely used in cloud environments to secure workloads.
However, researchers Jesse De Meulemeester and Jo Van Bulck built a custom DDR4 interposer, costing about $50, that sits between the memory module and the motherboard and rewrites how physical addresses map onto locations in DRAM. With that mapping under the attacker's control, the processor can be made to grant access to encrypted memory regions it believes are isolated, even on a fully patched system. The findings point to a new supply chain risk: a tampered module or interposer could be introduced during manufacturing or distribution and escape detection once installed.
The demonstration underscores persistent challenges in securing hardware-based encryption, particularly against physical tampering, and raises concerns about the long-term resilience of confidential computing frameworks.
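The address-mapping manipulation described above, together with the kind of software-side detection layer the report below recommends, as an added example that is not code from the KU Leuven researchers, from Intel or from AMD. It assumes, and the article does not state, that the manipulation makes two physical pages resolve to the same DRAM row (aliasing), that the processor applies its per-page protection to the physical address software presents rather than to the DRAM row actually reached, and it leaves memory encryption out of the model; `map_tampered`, `alias_scan` and `leaked_via_alias` and the sample secret are constructed for illustration.

```c
/* Added example: a toy model of memory-address aliasing and of an alias
 * check that detects it.  Not code from the KU Leuven researchers or from
 * Intel/AMD.  Assumptions (not facts stated in the article): the tampered
 * mapping makes two physical pages land on one DRAM row; the CPU applies
 * its per-page protection to the physical address software presents, not to
 * the DRAM row that is actually reached; memory encryption is left out. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NPAGES 16               /* simulated physical pages */
#define NROWS  16               /* DRAM rows behind them */

typedef uint32_t (*map_fn)(uint32_t phys_page);

/* Honest module: every physical page has its own DRAM row. */
static uint32_t map_honest(uint32_t p) { return p % NROWS; }

/* Tampered mapping (constructed): the top address bit is dropped, so page p
 * and page p ^ (NPAGES / 2) are served from the same row. */
static uint32_t map_tampered(uint32_t p) { return p & (NPAGES / 2 - 1); }

struct machine {
    uint64_t row[NROWS];        /* DRAM contents */
    bool guarded[NPAGES];       /* CPU-side protection, keyed by physical page */
    map_fn map;                 /* address-to-row mapping, owned by the module */
};

static void machine_init(struct machine *m, map_fn map) {
    memset(m, 0, sizeof *m);
    m->map = map;
}

/* Accesses go through the CPU's check first, then through the mapping.
 * Return false when the access is denied. */
static bool cpu_write(struct machine *m, uint32_t page, uint64_t v, bool privileged) {
    if (m->guarded[page] && !privileged) return false;
    m->row[m->map(page)] = v;
    return true;
}
static bool cpu_read(struct machine *m, uint32_t page, uint64_t *out, bool privileged) {
    if (m->guarded[page] && !privileged) return false;
    *out = m->row[m->map(page)];
    return true;
}

/* Alias check: stamp each page with a distinct nonce, then read every page
 * back.  A page that returns another page's nonce shares a row with it.
 * pairs[i] = {page whose stamp was lost, page that overwrote it}. */
int alias_scan(struct machine *m, uint32_t pairs[][2], int max_pairs) {
    uint64_t nonce[NPAGES];
    for (uint32_t p = 0; p < NPAGES; p++) {
        nonce[p] = 0x9E3779B97F4A7C15ULL * (p + 1);   /* distinct per page */
        cpu_write(m, p, nonce[p], true);
    }
    int found = 0;
    for (uint32_t p = 0; p < NPAGES; p++) {
        uint64_t got = 0;
        cpu_read(m, p, &got, true);
        if (got == nonce[p]) continue;
        for (uint32_t q = 0; q < NPAGES; q++) {
            if (q != p && got == nonce[q]) {
                if (found < max_pairs) { pairs[found][0] = p; pairs[found][1] = q; }
                found++;
                break;
            }
        }
    }
    return found;
}

/* Convenience wrappers: number of aliased pages, and which page aliases
 * `victim` (-1 if none). */
int count_aliases(map_fn map) {
    struct machine m; uint32_t pairs[NPAGES][2];
    machine_init(&m, map);
    return alias_scan(&m, pairs, NPAGES);
}
int alias_of(map_fn map, uint32_t victim) {
    struct machine m; uint32_t pairs[NPAGES][2];
    machine_init(&m, map);
    int n = alias_scan(&m, pairs, NPAGES);
    for (int i = 0; i < n; i++)
        if (pairs[i][0] == victim) return (int)pairs[i][1];
    return -1;
}

/* The attack's effect in the model: a privileged owner stores a secret in
 * guarded page 3; an unprivileged reader is refused page 3 but, through the
 * tampered mapping, reads the same row via unguarded page 11.  Returns what
 * the unprivileged reader obtained (0 when nothing leaked). */
uint64_t leaked_via_alias(map_fn map) {
    struct machine m;
    machine_init(&m, map);
    const uint64_t secret = 0xC0FFEE1234ULL;      /* constructed sample value */
    m.guarded[3] = true;
    cpu_write(&m, 3, secret, true);
    uint64_t got = 0;
    if (cpu_read(&m, 3, &got, false)) return got; /* direct read: denied */
    cpu_read(&m, 11, &got, false);                /* alias read: not denied */
    return got;
}

int main(void) {
    printf("honest module: %d aliased pages\n", count_aliases(map_honest));
    printf("tampered module: %d aliased pages, page 3 aliases page %d\n",
           count_aliases(map_tampered), alias_of(map_tampered, 3));
    printf("unprivileged read through the alias: 0x%llx\n",
           (unsigned long long)leaked_via_alias(map_tampered));
    return 0;
}
```

With the honest mapping the scan reports no aliases and the unprivileged read of page 11 returns nothing; with the tampered mapping eight pages alias their partners and page 11 yields the secret stored in guarded page 3, which is the access the processor's own check was supposed to refuse. A check of this shape is only useful if it runs before protected data is placed in memory and covers the whole physical address range the module claims to back, not just the pages the operating system happens to use.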
TPRM report: https://www.rankiteo.com/company/intel-corporation
"id": "int1765483083",
"linkid": "intel-corporation",
"type": "Vulnerability",
"date": "12/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology, Cloud Computing, Finance, Healthcare',
                        'location': 'Global',
                        'type': 'Cloud Service Providers, Enterprises using confidential computing'}],
 'attack_vector': 'Hardware-based memory manipulation',
 'data_breach': {'data_encryption': 'Bypassed (memory encryption was compromised)',
                 'sensitivity_of_data': 'High (depends on use case, e.g., financial, healthcare, or proprietary data)',
                 'type_of_data_compromised': 'Encrypted memory contents (potentially sensitive data)'},
 'date_publicly_disclosed': '2023-12-06',
 'description': 'Security researchers from KU Leuven University demonstrated a supply chain attack using a custom, low-cost DDR4 interposer to manipulate memory address mapping and gain unauthorized access to encrypted memory regions in confidential computing environments, bypassing protections like Intel SGX and AMD SEV.',
 'impact': {'brand_reputation_impact': 'Potential erosion of trust in confidential computing technologies',
            'data_compromised': 'Encrypted memory regions in confidential computing enclaves',
            'operational_impact': 'Potential unauthorized access to sensitive data in protected memory regions',
            'systems_affected': 'Systems using Intel SGX or AMD SEV for confidential computing'},
 'investigation_status': 'Research / Proof of Concept',
 'lessons_learned': 'Confidential computing technologies like Intel SGX and AMD SEV are not immune to hardware-based supply chain attacks. Physical access to memory hardware can undermine even robust encryption protections.',
 'motivation': 'Security Research / Proof of Concept',
 'post_incident_analysis': {'root_causes': 'Hardware-based memory manipulation via DDR4 interposer, exploiting physical access to memory modules to bypass memory encryption protections.'},
 'recommendations': ['Enhance supply chain security for hardware components, particularly memory modules.',
                     'Implement additional layers of software-based memory protection to detect or mitigate hardware manipulation.',
                     'Monitor for unusual memory access patterns or anomalies in confidential computing environments.',
                     'Conduct regular security audits of hardware and firmware in critical systems.'],
 'references': [{'date_accessed': '2023-12-06',
                 'source': 'Black Hat Europe Conference'}],
 'stakeholder_advisories': 'Cloud providers and enterprises using confidential computing should assess their exposure to hardware-based supply chain attacks and consider additional mitigations.',
 'threat_actor': 'Security Researchers (Jesse De Meulemeester and Jo Van Bulck, KU Leuven University)',
 'title': 'DDR4 Interposer Attack on Confidential Computing Enclaves',
 'type': 'Supply Chain Attack',
 'vulnerability_exploited': 'Memory address mapping manipulation via DDR4 interposer'}