Kévin Courdesses Breaks the ESP32-V3, ESP32-C3, and ESP32-C6 Wide Open with a Side-Channel Attack

No software fix ever. Ex0ressif says they will fix it in future releases of the models but everyone out there can be vulnerable. Now, outside being able to read data, which is still bad, could be a huge security vulnerability but just didn’t see anything posted about

NOTE: Needs physical or nearby access to work so it will probably never be used in the wild, or extremely less likely but you never know. Physical access makes it way more of a targeted attack IF it ever shows up in the wild. I believe only 5 to 10 percent of security vulnerabilities end up actually being used for malicious purposes.

www.hackster.io/news/kevin-courdesses-breaks-the-esp32-v3-esp32-c3-and-esp32-c6-wide-open-with-a-side-channel-attack-93af376b63

“I wanted to keep things low-cost,” Courdesses writes of his — successful — attempts to reproduce the team’s results. “This means no five-figure digital oscilloscope could be used, as [is] sometimes the case for such attacks.”

Courdesses began by targeting the same ESP32 devices as Abdellatif et al — repeating the team’s research but at a considerably reduced cost. For this, Courdesses designed a swappable cartridge-based host board dubbed the ESP CPA and swappable cartridges with each target microcontroller.

Key to the attack’s performance: a stable temperature, ensured by each cartridge including both a temperature sensor and a resistive heating element. Power sampling is handled by an analog to digital converter (ADC) sampling at 12MHz, with the target microcontroller underclocked, and an FPGA provides clock timings and a faked external flash device.

After successfully replicating the original research, Courdesses turned to two newer Espressif devices: the ESP32-C3 and ESP32-C6, both released after the company’s move to using the free and open source RISC-V instruction set architecture. These, Espressif claimed in the aftermath of the Abdellatif et al paper, use a more complex XTX-AES encryption process — making them more difficult to attack through side-channel vulnerabilities.

More difficult, though, doesn’t mean it’s impossible: Courdesses found that a tweaked approach could crack the flash in 128-byte blocks, and that only the first 128 bytes need be controlled in order to bypass secure boot and run arbitrary code to extract the rest of the flash content.

Even specific countermeasures added to the ESP32-C6 proved fallible: “The countermeasures implemented to protect the ESP32-C6 against side-channel attacks don’t appear to be effective,” Courdesses concluded. "The masking countermeasure doesn’t seem to have much impact, while the hiding countermeasure can be undermined by guessing the behavior of the crypto-cloc

Espressif has responded to Courdesses’ disclosure with a security advisory (PDF), warning that “at present there is no software [or] hardware fix available” but that it plans to “incorporate hardware countermeasures in the chip[s]” to mitigate the vulnerabilities in the future.

k

2 Likes

What is your question?

So a person can dismantle your ESP32 device, desolder the ESP32 to put it in a special harness, and they can read the firmware out?

Sounds like a boon to anyone trying to unlock a commercial device to open it to installing open source firmware without losing functionality, and a “who cares?” in every other circumstance.

1 Like

No question, I’m assuming this should have been posted somewhere else, if at all? If so just delete this post and my bad, I’ll look more closely at the rules as it’s been a while.

1 Like

What is your answer?

Can’t answer to non question.

I came here for the OP headline, but I’m staying for the existentialism :wink:

“Hello Alex”, said Lindsay.
“Hello Lindsay”, Alex answered.

(?)

1 Like