Cloud Security

Confidential computing’s remote attestation protocol may have fundamental flaw

(Adobe Stock)

Confidential computing, touted as a key technology for Europe's sovereign cloud ambitions, may have a fundamental flaw in its security protocol. A security protocol used to prove cryptographic trust in these systems, known as remote attestation, has been found to be vulnerable to diversion attacks, according to a recent report by The Register.

New research led by Muhammad Usama Sardar, a researcher at TU Dresden, indicates that the attested TLS protocol, designed to ensure clients are communicating with genuine, unmodified Trusted Execution Environments (TEEs), is susceptible to diversion attacks. These attacks allow a connection intended for a legitimate server to be silently redirected to a compromised machine without the client's knowledge. The flaw lies in the protocol's focus on software integrity rather than server location. Seven different methods of cryptographically binding attestation evidence to the underlying connection were tested, and none prevented relay attacks where a client verifies a legitimate server but ends up encrypting data to a malicious one.

This vulnerability affects real-world implementations, including Meta's Private Processing system for WhatsApp and Edgeless Systems' Contrast, with CVE-2026-33697 being assigned a high severity rating. While the IETF's SEAT working group is incorporating formal verification into its standards, the core issue of trusting the hardware manufacturer remains, and the effectiveness of confidential computing for true digital sovereignty is being questioned by researchers and regulatory bodies like Germany's BSI.

Source: The Register

An In-Depth Guide to Cloud Security

Get essential knowledge and practical strategies to fortify your cloud security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds