Security News Researchers Bypass AMD’s SEV Virtual Machine Encryption (attack can be carried out remotely)

LASER_oneXM

Four researchers from the Fraunhofer Institute for Applied and Integrated Safety in Munich, Germany have published a research paper this week detailing a method of recovering data that is normally encrypted by AMD's Secure Encrypted Virtualization (SEV), a safety mechanism designed to encrypt the data of virtual machines running on servers with AMD CPUs.


The research team says their attack, which they named SEVered, is capable of recovering plaintext memory data from guest VMs running on the same server as the VM that's under attack.

SEVered attack can be carried out remotely

SEVered also doesn't require physical access or malicious code to be present on the attacked VM and can be carried out remotely by sending network requests to applications such as Apache, nginx, or OpenSSH.


"By repeatedly sending requests for the same resource to the service while re-mapping the identified memory pages, we extract all the VM’s memory in plaintext," researchers said in their paper, entitled "SEVered: Subverting AMD’s Virtual Machine Encryption."
 
