Black-Box Laser Fault Injection on a Secure Memory

Presented at Black Hat USA 2020 Virtual, Aug. 6, 2020, 1:30 p.m. (40 minutes).

With the constant development of electronic devices, their increasing complexity and need for security, cryptography in embedded systems has become a strong requirement to protect data or secure communications. Some devices run on standard low-cost microcontrollers, which are vulnerable to low-budget physical attacks allowing the retrieval of secret materials, such as cryptographic keys. More sophisticated devices use dedicated security circuits able to withstand higher levels of physical attacks.

We present vulnerability research conducted on one of those secure chips: the Microchip ATECC508A, a secure memory widely used in IoT devices, which is able to store small secret data blobs protected by cryptographic authentication. We present a vulnerability we found which allows a highly equipped and skilled attacker to retrieve a secret data slot by bypassing authentication using Laser Fault Injection.

The talk walks through the experimental methodology we used to understand and develop the attack in a complete black-box approach, as the firmware of the device is an industry kept secret. Finally, we assess the difficulty of this attack in a real-case scenario: a PIN code and seed recovery on a hardware wallet, and demonstrate it is practical despite the setup cost.


Presenters:

  • Olivier Hériveaux - Hardware Security Researcher, Ledger   as Olivier Heriveaux
    Olivier Heriveaux has 11 years experience in hardware security research. He worked previously in the defense industry and is now a hardware security researcher at Ledger.

Links:

Similar Presentations: