<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Cocos AI - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/vendors/cocos-ai/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Wed, 03 Jan 2024 14:30:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/vendors/cocos-ai/feed.xml" rel="self" type="application/rss+xml"/><item><title>Cocos AI Attested TLS Relay Attack Vulnerability (CVE-2026-33697)</title><link>https://feed.craftedsignal.io/briefs/2024-01-cocos-ai-relay-attack/</link><pubDate>Wed, 03 Jan 2024 14:30:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-cocos-ai-relay-attack/</guid><description>A relay attack vulnerability, tracked as CVE-2026-33697, exists in the attested TLS (aTLS) implementation of Cocos AI, versions v0.4.0 through v0.8.2, allowing attackers to impersonate a legitimate service and potentially access sensitive data.</description><content:encoded><![CDATA[<p>Cocos AI is a confidential computing system for AI that utilizes attested TLS (aTLS). A critical relay attack vulnerability, identified as CVE-2026-33697, has been discovered in the aTLS implementation affecting versions v0.4.0 through v0.8.2. This vulnerability impacts both AMD SEV-SNP and Intel TDX deployment targets. An attacker who successfully extracts the ephemeral TLS private key during the handshake can relay or divert the attested TLS session. This allows the attacker to impersonate a genuine CoCoS service, potentially gaining unauthorized access to data or operations intended for the legitimate endpoint. Exploitation necessitates extracting the ephemeral TLS private key, achievable through physical access to the server hardware, transient execution attacks, or side-channel attacks. The aTLS implementation was redesigned in v0.7.0, but this redesign did not address the underlying architectural vulnerability. Currently, there is no patch available or complete workaround, posing a significant risk to deployments of Cocos AI.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li><strong>Initial Compromise:</strong> The attacker gains physical access to the server hardware or leverages transient execution attacks or side-channel attacks to target the Cocos AI environment.</li>
<li><strong>Ephemeral Key Extraction:</strong> The attacker successfully extracts the ephemeral TLS private key used during the aTLS handshake process.</li>
<li><strong>TLS Session Interception:</strong> The attacker intercepts the initial TLS handshake between a client and a legitimate Cocos AI service.</li>
<li><strong>Relay/Divert Attestation:</strong> Using the extracted ephemeral key, the attacker relays or diverts the attested TLS session to a malicious endpoint controlled by the attacker.</li>
<li><strong>Impersonation:</strong> The attacker's malicious endpoint presents the stolen attestation evidence to the client, impersonating the legitimate Cocos AI service.</li>
<li><strong>Client Connection:</strong> The client, falsely believing it is communicating with the genuine service, establishes a connection with the attacker's endpoint.</li>
<li><strong>Data Exfiltration/Manipulation:</strong> The attacker gains unauthorized access to data or operations intended for the legitimate service, potentially exfiltrating sensitive information or manipulating AI processes.</li>
<li><strong>Maintain Persistence:</strong> The attacker may attempt to maintain a persistent presence within the compromised environment for continued access or further exploitation.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-33697 allows an attacker to impersonate an attested Cocos AI service, potentially leading to unauthorized access to sensitive data and critical AI operations. This can compromise the confidentiality and integrity of AI models and data processed by Cocos AI. Since the exact deployment numbers are unknown, it's difficult to assess the full scope, but this vulnerability represents a significant risk for any organization using Cocos AI within their infrastructure.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Apply available hardening measures such as keeping TEE firmware and microcode up to date to reduce the key-extraction surface as mentioned in the overview.</li>
<li>Define strict attestation policies that validate all available report fields, including firmware versions, TCB levels, and platform configuration registers as noted in the overview.</li>
<li>Enable mutual aTLS with CA-signed certificates where deployment architecture permits to mitigate the vulnerability as suggested in the overview.</li>
<li>Monitor for unusual network activity originating from Cocos AI servers that may indicate TLS session relaying, using a network monitoring tool.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>vulnerability</category><category>relay attack</category><category>attested TLS</category><category>Cocos AI</category></item></channel></rss>