Confidential computing, touted as a key technology for Europe's sovereign cloud ambitions, may have a fundamental flaw in its security protocol. A security protocol used to prove cryptographic trust in these systems, known as remote attestation, has been found to be vulnerable to diversion attacks, according to a recent report by The Register.New research led by Muhammad Usama Sardar, a researcher at TU Dresden, indicates that the attested TLS protocol, designed to ensure clients are communicating with genuine, unmodified Trusted Execution Environments (TEEs), is susceptible to diversion attacks. These attacks allow a connection intended for a legitimate server to be silently redirected to a compromised machine without the client's knowledge. The flaw lies in the protocol's focus on software integrity rather than server location. Seven different methods of cryptographically binding attestation evidence to the underlying connection were tested, and none prevented relay attacks where a client verifies a legitimate server but ends up encrypting data to a malicious one.This vulnerability affects real-world implementations, including Meta's Private Processing system for WhatsApp and Edgeless Systems' Contrast, with CVE-2026-33697 being assigned a high severity rating. While the IETF's SEAT working group is incorporating formal verification into its standards, the core issue of trusting the hardware manufacturer remains, and the effectiveness of confidential computing for true digital sovereignty is being questioned by researchers and regulatory bodies like Germany's BSI.Source: The Register
Cloud Security
Confidential computing’s remote attestation protocol may have fundamental flaw

(Adobe Stock)
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



