Just read an article about a ‘forever flaw’ with ESP32 devises. https://www.infoq.com/news/2019/12/esp32-fatal-fury/
Is this still an issue? resolved by the mfr? date?
tia
ptegler
Yes. For affected devices
This is a physical attack meaning the attacker has the device in hands
At that point all security is lost.
This attack requires physical access to the device, and the time and resources to modify the device to apply fault injection.
correct ‘physical’ access… it’s call the supply chain. It happens on even big A---- software systems.
heck the US Gov (and a lot of BIG companies) got nailed with a backdoor as the result of alternations in the master software system that installs the updates. It’s the premise of many ‘software’ insertions… when hardware is ‘no longer’ what you think it is.
If you are really concerned about this, you should DEFINITELY stay away from home automation and ALL networked things. The only secure computer is the one turned off and then only as long as it is turned off and in your hands.
There are newer versions of the esp32, but it is likely just a matter of time before they give up their secrets too. The question is how much security do you need and how much are you willing to pay for it.?
This is what the exploit does:
This FATAL exploit allows an attacker to decrypt an encrypted firmware because he is now in possession of the AES Flash Encryption Key.
Worst case scenario, he is now able to forge his own valid firmware (using the Secure Boot Key) then encrypt it (using the Flash Encryption Key) to replace the original firmware PERMANENTLY.
This last post closes my security investigation on ESP32, which I consider now as a broken platform.
Most people doing esphome do NOT use the efuse and do NOT encrypt the firmware. I am not even clear how you could do that with esphome, but I suppose it is possible. Basically, you can’t trust secure boot on the esp32.
Actually you can’t trust TPM on any platform as it too, has already been hacked/broken.
The efuse can be burned for a any code locations/bit positions. ESPhome,… no access without the full libraries and coded as such. My concern was simply supply chain tampering, embedding backdoor tricks etc. I’ve got the software to burn the efuses as desired. (github I believe?) but didn’t want to waste a device just for giggles.
You seem knowledgeable about the issues, but I am unclear on what you are asking.
You literally asked if a HW defect in the esp32 chipset was fixed. There have been more recent versions that probably address the exact vulnerability. But as you are aware that TPM in general has also been exploited, you should know that security is always about how great an extent are you willing to go to protect something.
So, what question are you asking?
If you know you can’t completely trust security on any platform, what are you trying to protect and from whom?
Never was an issue when running ESPHome because this broken “security” feature isn’t used.
So why are you posting in the esphome category then when it is not even related?
it IS related as you are engaging an entire category of devices that have a security flaw BUILT IN! Correct, ESPHome does not include ‘coding’ to access or program the efuses. but that does not mean the ESPs can not be compromised BEFORE you even get your own hands on them! It’s flat out B.S. (or total crap design?) that it can’t be fixed considering how long the issue has been known. Supposedly the D0WD-V3 version of the chip has ROM checks to negate this issue, but no other version (as of any vendor published info avail to date), or info as to which ESP32 modules uses that chip.
And just for clarity, it is not a ‘hardware’ issue’ hardware without the firmware, does nothing. Firmware optimization and register use need to be re-eval’ed (??)
And you can NOT say this for whatever other hardware or even software? Cisco? Apple? Microsoft? Atlassian? Solarwinds? Just to name a few (in)famous examples
To avoid supply chain attacks you might just want to stop the use of hard- or software completely and go back to pen and pencil
You do realize that nobody on this forum is likely responsible for any of the choices made by Espressif?
Also, what exactly is your goal with this thread?
Have you done a threat model that says you need to be concerned about this particular vulnerability of the esp32?
Since I never plan on burning the efuses of my esp32 chips, this particular issue doesn’t bother me. The fact that my old m stack devices use (probably counterfeit) FTDI chips and don’t work over 115K or that my new fire beetle 2’s use (possibly counterfeit) CH340 chipsets and don’t work at all with the latest driver (but do work with the older driver) impact me much more.
You could use the esp8266. It doesn’t have the vulnerability, but then it also doesn’t have the capability either. You could try the rp2040, but based on this thread, you will need to do a LOT more to get decent security. https://forums.raspberrypi.com/viewtopic.php?t=324901
So, what exactly are you trying to protect yourself from? Or, what are you trying to prevent others from doing to you or your things?
Or, are you suggesting that we all should stop using esp32 chips and that esphome should stop supporting them?
pagers come to mind…