With the growing number of devices all around us, physical attacks have become a very real attack vector. Light bulbs and watches now do more than illuminate and show the time; they also store Wi-Fi passwords, heart rate graphs, and phone notifications. Chip manufacturers are not lagging behind and are trying to protect their products from physical attackers.
The protagonists of the talk will be a series of ESP32 chips. These are microcontrollers for smart devices equipped with Wi-Fi and Bluetooth, which have become a de facto standard in the modern world and are used by literally everyone, from large corporations like Amazon to DIYers.
These microcontrollers are equipped with many advanced protection technologies:
  • Flash Encryption allows you to store and execute encrypted code.
  • SecureBoot verifies that executable code comes from the developer.
  • Cryptographic modules allow secure connections to be established over the internet.
What should a hacker do if they encounter such devices?
Side-channel attacks (SCA) are a class of attacks that extract information not directly (e.g., through debugging interfaces) but through mechanisms not designed for this purpose. The talk will cover two areas of SCA in detail:
  • Correlation analysis of power consumption. The speaker will talk about anomalies in chip power consumption, how to spot them, and how a mathematical function from the late 19th century can help here.
  • Glitching. This means listening to the chips and attacking them. Alexey will explain what effect can be achieved if you switch off the chip for a split second.
Experienced attendees will be especially interested in the story about new approaches to the mentioned attacks. The speaker will disclose new vulnerabilities for several chips from the ESP32 series that have not been previously published in the public domain.
Based on the results of the research, the vendor was notified of the vulnerabilities, but no CVE was assigned because the vendor referred to earlier research that showed vulnerabilities for other chips in the series. Nevertheless, Alexey’s approach utilizes new techniques and vulnerabilities that have never been published before.
SPEAKERS
Alexey Shalpegin
Hardware Security Researcher, Positive Labs
Alexey likes reverse engineering and systems development (drivers, MCUs, FPGA). As a hobby, he researches the security of various gaming consoles.
A multiple-time winner of the habr.com Technotext contest in information security.