By Dr. Eleanor Vance | Published on January 01, 0001
Designed with cloud computing security in mind, AMD's Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP), which is an incredibly long and serious name to suggest how complicated it is, has recently seen a rather worrying security breach, involving RAM and a Raspberry Pi.
The SNP part of that phrase is an added security measure to SEV, which ensures those with access via a virtual machine (VM) can't access data they aren't intended to, i.e. other virtual machines. The increased data protection offered by this and its ability to scale memory to protect entire VMs has made it an attractive route for organisations over competitors like Intel's SGX.
This is all according to a paper entitled "BadRAM: Practical Memory Aliasing Attacks on Trusted Execution Environments".
In it, the researchers used a Raspberry Pi Pico to "unlock and modify DDR4 and DDR5 SPDs", where the SEV-SNP safeguard lies, to create memory aliases. These can then be used to "manipulate memory mappings and corrupt or replay ciphertext, culminating in a devastating end-to-end attack".
Once into the SPD, the Raspberry Pi can be used to disable write protection and alter its contents. Ghost bits can then be made in the DIMM, which are "invisible to the memory controller". This can allow the controller of the Raspberry Pi to navigate software restrictions, or even enable "software-only attacks".
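A toy model of the aliasing described above, added here as an illustration and not taken from the paper or from AMD: a DIMM that ignores one address bit its SPD claims, and a probe of the kind trusted boot code could run to detect such ghost bits. The `toy_dimm` type, its functions, the one-extra-bit SPD and the idea that firmware runs this probe are all assumptions of the sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed toy DIMM, not real hardware: it decodes only real_bits address
 * bits, while its SPD claims reported_bits. Higher bits are silently ignored. */
typedef struct {
    uint8_t cells[4096];
    unsigned real_bits;      /* address bits the DRAM actually decodes (<= 12) */
    unsigned reported_bits;  /* address bits implied by the SPD size field */
} toy_dimm;

static toy_dimm make_dimm(unsigned real_bits, unsigned reported_bits) {
    toy_dimm d = { {0}, real_bits, reported_bits };
    return d;
}
static size_t decode(const toy_dimm *d, size_t addr) {
    return addr & (((size_t)1 << d->real_bits) - 1);   /* ghost bits drop out */
}
static void mem_write(toy_dimm *d, size_t addr, uint8_t v) { d->cells[decode(d, addr)] = v; }
static uint8_t mem_read(const toy_dimm *d, size_t addr) { return d->cells[decode(d, addr)]; }

/* Alias probe: for every address bit the SPD claims, write different markers
 * to address 0 and to the address with only that bit set. If the second write
 * clobbers the first, the bit is a ghost bit. Returns a mask of ghost bits. */
static unsigned find_ghost_bits(toy_dimm *d) {
    unsigned ghosts = 0;
    for (unsigned bit = 0; bit < d->reported_bits; bit++) {
        size_t a = 0, b = (size_t)1 << bit;
        uint8_t save_a = mem_read(d, a), save_b = mem_read(d, b);
        mem_write(d, a, 0xA5);
        mem_write(d, b, 0x5A);
        if (mem_read(d, a) == 0x5A)
            ghosts |= 1u << bit;
        mem_write(d, b, save_b);   /* restore original contents */
        mem_write(d, a, save_a);
    }
    return ghosts;
}

int main(void) {
    toy_dimm honest = make_dimm(10, 10);   /* SPD matches the chips */
    toy_dimm tampered = make_dimm(10, 11); /* SPD claims double the size */
    printf("honest ghost mask:   0x%x\n", find_ghost_bits(&honest));
    printf("tampered ghost mask: 0x%x\n", find_ghost_bits(&tampered));
    return 0;
}
```

In the tampered case every address has a second address that reaches the same cell, which is why access checks keyed on the address alone stop being meaningful.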
The Raspberry Pi Pico and DDR sockets required to do this cost "approximately $10" and can be sourced fairly easily. You will need a 7-10 V source, like a battery, but a malicious actor could get ahold of the necessary equipment with ease. If you're particularly techy, or get a little too ambitious with your hobbies, there's a chance you already have most of this gear lying around.
Where malicious actors might struggle is in gaining the physical access needed to carry out this method. The paper also notes that two Corsair DDR4 DIMMs taken off the shelf left "the base configuration entirely unprotected, possibly exposing them to software-only BadRAM attacks." This means that, in rare cases, the method can be carried out without physical access.
Importantly, the paper notes times when physical access can be possible without it being particularly strange, like a "malicious employee at a cloud service provider". Notably, this access would leave no physical trace behind.
This problem was reported to AMD, which rated it a 5.3 (medium) severity problem, and there's a fix, too.
Companies can mitigate problems by using memory modules that entirely lock SPD, "as well as following physical security best practices". This is to say that someone shouldn't be able to get physical access in the first place, which is generally always pretty good advice—don't leave your front door unlocked.