Alternative Approaches for Fault Injection Countermeasures (Part 3/3)

Authors: Jeremy Boone, Sultan Qasim Khan In the previous blog post we described a set of software-based fault injection countermeasures. However, we recognize that software-based mitigations are not a silver bullet and do have several drawbacks. Though they can frustrate an attacker and reduce the reliability of an exploit attempt, a persistent attacker may possess … Continue reading Alternative Approaches for Fault Injection Countermeasures (Part 3/3)

Software-Based Fault Injection Countermeasures (Part 2/3)

Authors: Jeremy Boone, Sultan Qasim Khan  This blog post is a continuation of part 1, which introduced the concept of fault injection attacks. You can read that prior post here. When advising our clients on the matter of fault injection (FI), we are often asked how to determine whether low-level software is vulnerable, and more importantly, how … Continue reading Software-Based Fault Injection Countermeasures (Part 2/3)

An Introduction to Fault Injection (Part 1/3)

Authors: Jeremy Boone, Sultan Qasim Khan Though the techniques have existed for some time, in recent years, fault injection (FI) has emerged as an increasingly more common and accessible method of exploitation. Typically requiring physical access, an attacker can momentarily tamper with a processor’s electrical inputs (e.g., voltage or clock). By violating the safe ranges … Continue reading An Introduction to Fault Injection (Part 1/3)

There’s A Hole In Your SoC: Glitching The MediaTek BootROM

This research was conducted by our intern Ilya Zhuravlev, who has returned to school but will be rejoining our team after graduation, and was advised by Jeremy Boone of NCC Group's Hardware & Embedded Systems Practice. With the advent of affordable toolchains, such as ChipWhisperer, fault injection is no longer an attack vector that is … Continue reading There’s A Hole In Your SoC: Glitching The MediaTek BootROM

Technical Advisory – ARM MbedOS USB Mass Storage Driver Memory Corruption

Vendor: ARM Vendor URL: https://os.mbed.com/ Versions affected: Prior to 5.15.2 Systems Affected: ARM Mbed OS Author: Ilya Zhuravlev Risk: High Summary: The ARM Mbed operating system contains a USB Mass Storage driver (USBMD), which allows emulation of a mass storage device over USB. This driver contains a three (3) memory safety vulnerabilities, allowing adversaries with … Continue reading Technical Advisory – ARM MbedOS USB Mass Storage Driver Memory Corruption

Research Report – Zephyr and MCUboot Security Assessment

Over the years, NCC Group has audited countless embedded devices for our customers. Through these security assessments, we have observed that IoT devices are typically built using a hodgepodge of chipset vendor board support packages (BSP), bootloaders, SDKs, and an established Real Time Operating System (RTOS) such as Mbed or FreeRTOS. However, we have recently … Continue reading Research Report – Zephyr and MCUboot Security Assessment