Black-Box Laser Fault Injection on a Secure Memory

With the constant development of electronic devices, their increasing complexity and need for security, cryptography in embedded systems has become a strong requirement to protect data or secure communications. Some devices run on standard low-cost microcontrollers, which are vulnerable to low-budget physical attacks allowing the retrieval of secret materials, such as cryptographic keys. More sophisticated devices use dedicated security circuits able to withstand higher levels of physical attacks.We present vulnerability research conducted on one of those secure chips: the Microchip ATECC508A, a secure memory widely used in IoT devices, which is able to store small secret data blobs protected by cryptographic authentication. We present a vulnerability we found which allows a highly equipped and skilled attacker to retrieve a secret data slot by bypassing authentication using Laser Fault Injection.The talk walks through the experimental methodology we used to understand and develop the attack in a complete black-box approach, as the firmware of the device is an industry kept secret. Finally, we assess the difficulty of this attack in a real-case scenario: a PIN code and seed recovery on a hardware wallet, and demonstrate it is practical despite the setup cost.