Intel SGX and AMD SEV Enclaves Vulnerable to Physical Attacks

Trusted enclaves in Intel's SGX and AMD's SEV, designed to secure sensitive data from software threats, are vulnerable to physical attacks like voltage fault injection, allowing data extraction. This exposes a gap in threat models for cloud and enterprise use. Chipmakers urge system-level protections, but experts call for enhanced hardware safeguards to bridge real-world risks.
Written by Lucas Greene

In the high-stakes world of cybersecurity, trusted enclaves in processors from Intel and AMD have long been hailed as fortified bastions for sensitive data, shielding everything from encryption keys to proprietary algorithms in cloud environments. But recent revelations expose a glaring vulnerability: these enclaves crumble under physical attacks, challenging the foundational assumptions of network security. According to a report from Ars Technica, researchers have demonstrated that with direct access to hardware, attackers can bypass the protections that make these enclaves “trusted,” extracting confidential information that was supposed to remain isolated even from the host operating system.

The technologies in question, Intel’s Software Guard Extensions (SGX) and AMD’s Secure Encrypted Virtualization (SEV), create isolated execution environments within the CPU. These enclaves are designed to run code and store data securely, preventing interference from malware or privileged software. Yet, as the Ars Technica article details, physical tampering—such as voltage fault injection or electromagnetic side-channel attacks—can disrupt an enclave’s integrity, allowing data leaks that undermine its purpose.

Exposing the Threat Model Gap

Chipmakers have consistently maintained that physical attacks fall outside the intended threat model for these technologies. Intel and AMD argue that enclaves are built to counter software-based threats, not scenarios where an adversary has hands-on access to the device. This stance, echoed in the Ars Technica coverage, highlights a disconnect: many enterprise users deploy these enclaves in shared or remote infrastructures, assuming broader protections that don’t exist.

For industry insiders, this revelation underscores a broader issue in hardware security design. Trusted enclaves form the backbone of secure computing in data centers, enabling confidential computing where sensitive workloads run on untrusted hardware. However, the physical attack vectors, including those exploiting power management flaws, reveal that assumptions about remote attestation and memory encryption are insufficient against determined, proximate threats.

Real-World Implications for Enterprises

The fallout is particularly acute for sectors like finance and healthcare, where data privacy regulations demand ironclad protections. As Ars Technica notes, users often overlook vendor disclaimers, leading to misplaced trust in enclave security for scenarios involving potential physical compromise, such as in edge computing or multi-tenant clouds.

Researchers cited in the report, including teams from academic institutions, have replicated these attacks using relatively accessible tools, demonstrating how fault injection can force enclaves to reveal secrets. This echoes past vulnerabilities like Spectre and Meltdown, but with a physical twist that software patches can’t fully mitigate.

Industry Responses and Mitigation Strategies

In response, Intel and AMD have reiterated that physical security must be handled at the system level, through measures like tamper-resistant hardware or secure facilities. Yet, critics argue this shifts responsibility unfairly onto users, especially in an era of distributed computing. The Ars Technica piece points to ongoing debates in the security community, where calls for enhanced hardware safeguards are growing louder.

For enterprises, the path forward involves reassessing deployment models. Integrating additional layers, such as hardware security modules or advanced monitoring, could bolster defenses. Meanwhile, as chipmakers face scrutiny, future iterations of enclave technology may incorporate physical attack resistance, though experts warn that perfect security remains elusive.

Toward a More Resilient Future

This vulnerability serves as a wake-up call for the semiconductor industry, prompting a reevaluation of how trusted computing is architected. With attackers increasingly blending physical and digital tactics, the reliance on enclaves demands a holistic approach that doesn’t dismiss any threat vector.

Ultimately, as detailed in the Ars Technica analysis, bridging the gap between vendor threat models and real-world usage is essential to safeguarding the digital infrastructure that underpins modern economies.
