Abstract
We investigate the susceptibility of the Texas Instruments SimpleLink platform microcontrollers to non-invasive physical attacks. We extracted the ROM bootloader of these microcontrollers and then analysed it using static analysis augmented with information obtained through emulation. We demonstrate a voltage fault injection attack targeting the ROM bootloader that allows an adversary to enable debug access on a previously locked microcontroller within seconds. Information provided by Texas Instruments reveals that one of our voltage fault injection attacks abuses functionality that is left over from the integrated circuit manufacturing process. The demonstrated physical attack allows an adversary to extract the firmware (i.e. intellectual property) and to bypass secure boot. Additionally, we mount side-channel attacks and differential fault analysis attacks on the hardware AES co-processor. To demonstrate the practical applicability of these attacks we extract the firmware from a Tesla Model 3 key fob.
This paper describes a case study covering Texas Instruments SimpleLink microcontrollers. Similar attack techniques can be, and have been, applied to microcontrollers from other manufacturers. The goal of our work is to document our analysis methodology and to ensure that system designers are aware of these vulnerabilities. They will then be able to take these into account during the product design phase. All identified vulnerabilities were responsibly disclosed.
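The abstract mentions differential fault analysis (DFA) on the hardware AES co-processor without describing the mechanics, which this page does not carry. The following Python is an added illustration of the underlying technique; it is not the authors' code and makes no claim about the fault model or the fault-injection setup they used on the SimpleLink co-processor. It simulates the classic last-round DFA under a single-bit fault model: one bit of one state byte is flipped just before the final SubBytes, so exactly one ciphertext byte changes, and only for the correct round-key byte do the two inverse-S-box outputs differ in exactly one bit. Intersecting that condition over a few faults per byte recovers the full round-10 key. The S-box is generated from GF(2^8) arithmetic rather than transcribed, and the fault oracle, round key and RNG seed are constructed for the example.

```python
import random

# Constructed example: last-round DFA on AES-128 under a single-bit fault model
# (one bit of one state byte flipped before the final SubBytes). Illustration
# only; not the paper's attack code, and the fault model is an assumption here.

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1


def gf_mul(a, b):
    """Multiply two elements of GF(2^8) modulo the AES polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r


def gf_inv(a):
    """Multiplicative inverse as a^254 (square-and-multiply); inv(0) := 0."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r if a else 0


def build_sbox():
    """AES S-box: affine transform of the GF(2^8) inverse."""
    sbox = []
    for x in range(256):
        b = gf_inv(x)
        s = b
        for i in range(1, 5):  # b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4)
            s ^= ((b << i) | (b >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = build_sbox()
INV_SBOX = [0] * 256
for _x, _s in enumerate(SBOX):
    INV_SBOX[_s] = _x


def last_round(state, k10, fault_pos=None, fault_bit=0):
    """Final AES round. `state` is taken in ShiftRows order (SubBytes and
    ShiftRows commute), so C[i] = SBOX[state[i]] ^ k10[i]. Optionally flips one
    bit of one byte before SubBytes, modelling the injected fault."""
    s = list(state)
    if fault_pos is not None:
        s[fault_pos] ^= 1 << fault_bit
    return bytes(SBOX[s[i]] ^ k10[i] for i in range(16))


def hw(x):
    return bin(x).count("1")


def dfa_candidates(c_ok, c_bad, pos):
    """Round-key bytes k for which the two S-box inputs differ in exactly one bit."""
    return {k for k in range(256)
            if hw(INV_SBOX[c_ok[pos] ^ k] ^ INV_SBOX[c_bad[pos] ^ k]) == 1}


def recover_round_key(pairs):
    """Offline recovery from (correct, faulty) ciphertext pairs. Pairs that do
    not differ in exactly one byte (ineffective or multi-byte faults) are
    discarded. Returns 16 key bytes, None where candidates did not collapse."""
    cands = [set(range(256)) for _ in range(16)]
    for c_ok, c_bad in pairs:
        diff = [i for i in range(16) if c_ok[i] != c_bad[i]]
        if len(diff) != 1:
            continue
        cands[diff[0]] &= dfa_candidates(c_ok, c_bad, diff[0])
    return [next(iter(s)) if len(s) == 1 else None for s in cands]


def simulate_attack(k10, seed=1, max_faults_per_byte=32):
    """Drive a simulated fault oracle until every round-key byte is unique.
    Returns (recovered key bytes, number of faulty encryptions used)."""
    rng = random.Random(seed)
    pairs = []
    for pos in range(16):
        cands = set(range(256))
        for _ in range(max_faults_per_byte):
            if len(cands) == 1:
                break
            state = bytes(rng.randrange(256) for _ in range(16))
            c_ok = last_round(state, k10)
            c_bad = last_round(state, k10, fault_pos=pos, fault_bit=rng.randrange(8))
            pairs.append((c_ok, c_bad))
            cands &= dfa_candidates(c_ok, c_bad, pos)
    return recover_round_key(pairs), len(pairs)


if __name__ == "__main__":
    ROUND_KEY = bytes(range(0x10, 0x20))  # constructed round-10 key
    key, n = simulate_attack(ROUND_KEY)
    print("recovered round key:", key, "using", n, "faulty encryptions")
```

Against real hardware the pairs come from encrypting the same plaintext twice, once cleanly and once with a glitch timed into the last round, and the single-byte-difference filter is what separates usable faults from glitches that hit the wrong round or corrupted several bytes. The recovered value is the round-10 key; for AES-128 the cipher key follows by running the key schedule backwards, which is not shown here.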
Notes
- 1.
- 2. Instructions to report security vulnerabilities can be found at https://www.ti.com/security.
- 3. The advisory can be found online at https://www.ti.com/lit/pdf/swra739.
- 4. Instructions to report security vulnerabilities can be found at https://www.tesla.com/legal/security?redirect=no.
Acknowledgements
We want to thank the Texas Instruments and Tesla product security incident response teams for their responsiveness. This work was supported in part by CyberSecurity Research Flanders (reference number VR20192203), in part by the Research Council KU Leuven C1 on Security and Privacy for Cyber-Physical Systems and the Internet of Things (contract number C16/15/058), and by the European Commission through the Horizon 2020 research and innovation programme under grant agreements Cathedral ERC Advanced Grant 695305, H2020-FETFLAG-2018-03-820405 QRANGE and H2020-DS-LEIT-2017-780108 FENTEC.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Wouters, L., Gierlichs, B., Preneel, B. (2022). On the Susceptibility of Texas Instruments SimpleLink Platform Microcontrollers to Non-invasive Physical Attacks. In: Balasch, J., O’Flynn, C. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2022. Lecture Notes in Computer Science, vol 13211. Springer, Cham. https://doi.org/10.1007/978-3-030-99766-3_7
DOI: https://doi.org/10.1007/978-3-030-99766-3_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-99765-6
Online ISBN: 978-3-030-99766-3
eBook Packages: Computer Science, Computer Science (R0)