English
2.5D Multi-Core Raster & Vector Graphics Processor for low-power SoCs with Microcontroller
Industry Expert Blogs
|
Ensuring IoT Security Against Side Channel Attacks for ESP32Crypto Quantique Blog - Rohan Panesar, Anthony Elder (Crypto Quantique)Feb. 08, 2024 |
ESP32 boards are the building blocks for many IoT devices today, with applications spanning smart home, healthcare, IIoT and beyond. Espressif have held the number one position for market share in Wi-Fi MCUs, worldwide, for the past 6 years. They come with reasonable security functionality, as the latest C3/C6 products both include secure boot and flash encryption among other features.
A hardware vulnerability has been identified in the ESP32-C3 and ESP32-C6 chips. This vulnerability allows an attacker to compromise the secure boot and flash encryption, meaning sensitive data such as passwords or cryptographic keys can be extracted.
This attack uses a technique known as Correlation Power Analysis, a form of side channel attack, to extract the encryption key from the first flash block. Attackers can then use a buffer overflow exploit using a fault injection technique in ROM code to load and execute shellcode in the internal memory; bypassing the device secure boot.
Related Blogs
- Mitigating Side-Channel Attacks In Post Quantum Cryptography (PQC) With Secure-IC Solutions
- Ecosystem Collaboration Drives New AMBA Specification for Chiplets
- QuiddiKey: A Single Cryptographic Solution for the Lifecycle of a Connected Device
- Digitizing Data Using Optical Character Recognition (OCR)
- Extending Arm Total Design Ecosystem to Accelerate Infrastructure Innovation