logo

Chip.Fail - Glitching the Silicon of the Connected World

Conference:  BlackHat USA 2019

2019-08-07

Summary

The presentation discusses the use of fault injection attacks to break IoT processors and the importance of considering processors as part of the threat model when designing a product.
  • Processors in smart devices are often not considered as part of the threat model when designing a product
  • Fault injection attacks can be used to break IoT processors
  • Glitching is easier than people think and can become part of the software and hardware development life cycle
  • Security devices are essential for many use cases and chip vendors and developers need to improve their protections against glitching
  • The STM32 microcontroller is susceptible to glitching and has a readout protection feature that can be downgraded from RDP2 to RDP1
  • The boot ROM is vulnerable to glitching and there are no checks for RDP1 or RDP2
The presenters were able to glitch the STM32 microcontroller's boot ROM and downgrade its readout protection from RDP2 to RDP1. They found that processors are often not considered as part of the threat model when designing a product, and glitching is easier than people think. They emphasized the importance of security devices and the need for chip vendors and developers to improve their protections against glitching.

Abstract

All smart devices, from cars to IoT, are based around processors. Often these processors are not considered as part of the threat model when designing a product; instead, there is an implicit trust that they just work and that the security features in the data-sheet do what they say. This is especially problematic when the processors are used for security products, such as bitcoin wallets, cars, or authentication tokens.In this presentation we will take a look at using fault injection attacks to break some of the most popular IoT processors - using less than $100 USD of equipment.We will also release software & hardware tools to do so.

Materials:

Tags: