A recent investigation has identified critical vulnerabilities in the remote attestation protocol, a key component of confidential computing systems. This research raises questions about the security assurances provided by these systems, particularly in production environments.
Understanding Remote Attestation
Confidential computing relies on a mechanism known as remote attestation, which allows a server to cryptographically verify to a client that it is operating within a genuine, unmodified Trusted Execution Environment (TEE). This verification is crucial before any sensitive data is exchanged. However, new findings suggest that the underlying protocol, termed attested TLS, may not function as intended.
Research Findings
Research conducted by Muhammad Usama Sardar and colleagues from TU Dresden has formally assessed the effectiveness of attested TLS. Their paper, titled Identity Crisis in Confidential Computing, reveals that the protocol is susceptible to diversion attacks. These attacks enable a connection intended for one server to be redirected to a compromised machine without the client’s awareness. This flaw arises because the protocol verifies software integrity but not the server’s physical location.
Intra-Handshake Attestation Vulnerabilities
Further analysis in a subsequent paper, Intra-handshake.fail, examined intra-handshake attestation, where evidence is generated during the TLS handshake. The researchers tested various methods for cryptographically binding this evidence to the connection and found that none effectively prevent relay attacks. These attacks allow a client to mistakenly encrypt traffic to a malicious server while believing it is communicating with a legitimate one.
Real-World Implications
The vulnerabilities are not theoretical; they affect real-world implementations, including Meta’s Private Processing for WhatsApp, Edgeless Systems’ Contrast, and the open-source Cocos AI platform. The identified flaw has been assigned CVE-2026-33697, rated 7.5 on the Common Vulnerability Scoring System, indicating high severity. This vulnerability is part of a broader set of issues in confidential computing, which has been acknowledged by both the Confidential Computing Consortium and the IETF’s TLS working group.
Despite prior security reviews, including one commissioned by Meta, these relay attacks went undetected, highlighting the limitations of traditional audit methodologies. The researchers emphasize the need for formal verification methods to uncover such vulnerabilities.
This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.








