KU Leuven research exposes fundamental hardware flaw in highly protected cloud servers
With a custom-built hardware module costing less than 50 euros, researchers from KU Leuven and the University of Birmingham managed to break Intel’s and AMD’s most advanced security technologies. Their hack reveals a fundamental vulnerability in modern cloud computer hardware.
Almost every digital service we rely on daily, from banking apps to healthcare systems, is supported by cloud computing. To protect user privacy, cloud providers increasingly deploy so-called confidential computing technologies. These techniques, such as Intel’s Software Guard Extensions (SGX) and AMD’s Secure Encrypted Virtualization (SEV), are designed to shield data at the hardware level — even from the cloud provider itself.
New research from KU Leuven (COSIC and DistriNet), in collaboration with the University of Birmingham, shows that this promise doesn’t fully hold up in practice. Using a custom-built hardware module that costs less than 50 euros, the team managed to extract sensitive information from highly protected cloud servers. The attack, dubbed ‘Battering RAM,’ bypasses the strongest security defenses currently on the market.
‘Our attack shows that even the most advanced confidential computing technologies are still vulnerable if an attacker has limited physical access to a server’s motherboard,’ said Professor Jo Van Bulck (DistriNet, Department of Computer Science).
This new work builds on earlier research from the same team, including the 2024 “BadRAM” attack. While Intel and AMD have since implemented software fixes, the new attack demonstrates that the underlying hardware architecture remains exposed.
Technical approach
For the attack, the researchers built a low-cost memory interposer: a small circuit board placed between the processor and the memory. By subtly manipulating the electrical signals between these components, the interposer can access memory locations that should normally remain strictly protected.
Jesse De Meulemeester, researcher at COSIC (ESAT, Department of Electrical Engineering) and first author of the study, explains: ‘Our interposer, costing less than 50 euros, overpowers Intel’s and AMD’s multi-million investments. The attack works on both Intel and AMD servers and exposes a fundamental weakness in the way modern chips encrypt memory.’
A structural vulnerability
The researchers stress that the issue cannot be easily fixed, since the weakness lies not in the software, but in the hardware architecture itself. As long as an attacker gains physical access to a server motherboard, for instance through datacenter maintenance staff or large-scale government surveillance such as revealed by Edward Snowden, the attack can be carried out without leaving any trace.
Intel and AMD were informed ahead of time in the context of responsible disclosure. Both companies will release an official security advisory on September 30, 2025.
Meer informatie
- Visit 'Battering RAM'’s website for more information on the research, including the full academic paper.
- The results will be presented at two prestigious cybersecurity conferences in both industry (Black Hat Europe 2025), and academia (IEEE Security & Privacy 2026).
This research was supported by the Research Fund KU Leuven, Research Foundation – Flanders (FWO), and the Cybersecurity Research Program Flanders.
