logo

Fatal Fury on ESP32: Time to Release Hardware Exploits

Conference:  BlackHat EU 2019

2019-12-05

Summary

The presentation discusses the security features of the ESP32 chip and the vulnerabilities that can be exploited through physical access and voltage glitching.
  • The ESP32 chip is a popular IoT platform that provides Wi-Fi and Bluetooth connectivity.
  • The chip has four built-in security features: crypto hardware accelerators, secure boot, flash encryption, and HMAC.
  • Physical access and voltage glitching can be used to exploit vulnerabilities in the chip's security features.
  • Voltage glitching is a low-cost and efficient fault injection technique that can induce faults during critical software operations.
  • The power domain of the ESP32 chip has three separate domains: IAP, serial time clock, and CPU.
  • The presentation provides a development kit for testing the vulnerabilities of the ESP32 chip.
The speaker spent three months investigating the security features of the ESP32 chip and used physical access and voltage glitching to exploit vulnerabilities. The speaker also provided a development kit for testing the vulnerabilities of the chip.

Abstract

Released on January 1st 2016, the ESP32, the System-on-Chip (SoC) from Espressif Systems, becomes quickly popular among the IoT industry and electronic hobbyists, due to its wireless connectivity, a low-power consumption and a free development framework supporting plenty of functions. Espressif is supporting a 12-years-longevity commitment for ESP32, and has already achieved the 100 Millions Target of IoT chip Shipments in January 2019 [1].This SoC, based on Xtensa LX6 dual-core, contains built-in security features such as:- Crypto-Hardware accelerator. The HW crypto accelerators are nowadays used to speed up cryptographic primitives like AES, SHA and even RSA, which will be used by crypto library like ARM MbedTLS [2].- Secure Boot. The Secure boot is the guardian of the firmware authenticity and integrity stored into the Flash memory. - Flash encryption. The Flash encryption is used to protect the firmware confidentiality, for example to avoid the loss of IP or to a readout of persistent and sensitive data like Wi-FI credentials in IoT devices [3].- One Time Programmable (OTP) memory. The OTP memory, based on eFuses, is considered as a Root-of-Trust to store the security configuration and the secret AES-256 keys, dedicated to secure boot process and Flash encryption. This memory is R/W protected (obviously).This talk presents, in a methodical way, how to defeat one by one the previously listed security features, having physical access to the device and using low-cost hardware techniques such as voltage glitching, analog side-channels, micro-soldering and reverse (of course). To the best of my knowledge, Built-in ESP32 security features such as Secure boot and Flash Encryption were never broken until now. Defeating these protections on a popular platform such as ESP32 should be considered as a serious threat by all the developers using the ESP32 as a main CPU platform or even as a WIFI/bluetooth peripheral, in their final products. Some discovered vulnerabilities cannot be patched without silicon redesign, leading to a lot of vulnerable devices on the field for the coming years.[1] - https://www.espressif.com/en/products/hardware[2] - https://os.mbed.com/docs/mbed-os/v5.10/porting/hardware-accelerated-crypto.html[3] - https://limitedresults.com/2019/01/pwn-the-lifx-mini-white/

Materials:

Tags: