This research is also available in a form of slides and video from the BlackHat Europe 2016. They are available here.
Riscure has vast experience in analyzing the security of embedded systems and has been evaluating Secure Boot implementations for more than 10 years. On average, 90% of security implementations are found to be vulnerable during the first stage of evaluation. This whitepaper analyzes the most common ways to attack Secure Boot and explains how Riscure can assist in protecting at-risk devices.
Common Weaknesses
The most common threats to Secure Boot can be divided into two categories: Logical threats (e.g., Design error, Service backdoor, Driver weakness) and Hardware threats (e.g., Race condition, Selectable boot source, and Fault injection). Logical attacks are more common but easier to resolve, while physical attacks are rarer since they require more effort from an attack but can make all devices in circulation unsecure. However, it is common for attacks to involve a combination of the two or use one to find a weakness in the other. Therefore, a proper security evaluation offers an independent view of the entire application.
Fault Injection attacks
Due to their complexity, fault injection can be considered an ‘elite’ attack but has been overlooked in favor of a simpler logical weakness. Fault injection works by introducing glitches while attacking hardware via different means, such as light or time. Riscure believes that as time progresses and adversaries become better at fault injection, these ‘elite’ attacks will become more common. As such, Riscure recommends three methods to mitigate hardware and software threats.
- Testing in a lab
- Embrace secure programming methods
- Introduce countermeasures