In this presentation we will show a case study on a modern MCU with a security domain. In the case study, we will see that hardware-only or software-only attack paths seem to be quite complex. However, a combined Fault Injection (FI) + Software Exploit attacking approach (using simple attacks both for FI and SW EXP) ends up being easier and leading to a full system compromise, including the security domain. Specifically, we will show that FI only approaches may be non-trivial or unsuccessful (e.g. due to lower success probability, especially if using entry-level equipment), and SW exploiting may also be difficult or not possible (e.g. multiple vulnerabilities may be needed - this makes exploitation harder, or SW can be updated – complex exploit chains can be mitigated if one of the used vulns is mitigated). Our contribution shows that a divide and conquer approach (combining a simple FI attack with a single software exploit) can fully compromise the targeted system security domain with less effort, due to the FI attack significantly lowering the requirements of the SW exploit.
Rafael Boix Carpi (Rafa) is a Principal Trainer and Security Specialist at Riscure. His fields of expertise include side channel analysis and fault injection in embedded devices. Rafa has presented talks and workshops/training courses at several conferences worldwide, as well as authored and collaborated on several research papers. Rafa enjoys working with customers to come up with an effective strategy to enhance the security of their products. He is interested in information security, software development, hardware hacking and embedded devices, especially in the automotive domain;basically tearing apart any device with chips on it until its secrets are revealed and sharing how to do it for learning how to make things more secure./p>
Federico Menarini is a Principal Security Analyst at Riscure. Federico has 16+ years of experience in security evaluations involving all types of software/hardware solutions, from low-level Embedded Systems and smartcards, to state-of-the-art mobile phone security platforms & solutions, and anything in-between. Federico has also authored several papers related to hardware security.