Unlock the Door to my Secrets, but don’t Forget to Glitch
A comprehensive analysis of flash erase suppression attacks
DOI:
https://doi.org/10.46586/tches.v2024.i2.88-129Keywords:
embedded system security, fault-injection attack, microcontroller, firmware extraction, flash erase suppression attackAbstract
In this work, we look into an attack vector known as flash erase suppression. Many microcontrollers have a feature that allows the debug interface protection to be deactivated after wiping the entire flash memory. The flash erase suppression attack exploits this feature by glitching the mass erase, allowing unlimited access to the data stored in flash memory. This type of attack was presented in a confined context by Schink et al. at CHES 2021. In this paper, we investigate whether this generic attack vector poses a serious threat to real-world products. For this to be true, the success rate of the attack must be sufficiently high, as otherwise, device unique secrets might be erased. Further, the applicability to different devices, different glitching setups, cost, and limitations must be explored. We present the first in-depth analysis of this attack vector. Our study yields that realistic attacks on devices from multiple vendors are possible. As countermeasures can hardly be retrofitted with software, our findings should be considered by users when choosing microcontrollers for security-relevant products or for protection of intellectual property (IP), as well by hardware designers when creating next generation microcontrollers.
Downloads
Published
Issue
Section
License
Copyright (c) 2024 Marc Schink, Alexander Wagner, Felix Oberhansl, Stefan Köckeis, Emanuele Strieder, Sven Freud, Dominik Klein
This work is licensed under a Creative Commons Attribution 4.0 International License.