The global chip shortage is leading to a variety of issues in electronics supply chains, from lead times of over two years to ten-fold price increases. Riscure has seen examples of such shortages impacting low-level functionality of embedded devices, as well as various DRM systems. From smart TVs protecting the keys for streaming content to label printer consumables with radio-frequency identification (RFID) tags. The lesson to learn here is to plan for the worst outcome, and make sure necessary changes in the schematics and switching to a different component type does not impact the security.
How does the shortage impact the security of your products?
The shortage forces vendors to redesign circuit boards and to consider a small range of equivalent parts. Let’s take two examples of how the chip shortage impacts device security. Specifically, we want you to consider the security of each modification to the device, and not blindly trust the security decisions that were made in the past.
Each circuit board revision increases the chances of a successful attack, and an adversary will make use of this fact. It is not uncommon for an attacker to get stuck with the attack on a hardened embedded device. The attacker does not have the means (skills or methods) to defeat the security measures protecting the assets. When a redesigned embedded system goes to the market, for example with a different SoC, an attacker can gain insight by acquiring the revision and leveraging the knowledge gained so far. By attacking more revisions of the same product at the same time, an attacker may get further than with a single device.
The second scenario is about security functions that are inherent to the protocol or device type. For example, Trusted Execution Environment (TEE) relies on Replay Protected Memory Blocks (RPMB) in EMMC and UFS memory. This is a critical feature as it protects the Trusted Application (TA) from a rollback to a previous state. A rollback attack allows an attacker to bypass DRM by circumventing the product lifecycle security. If, due to the shortage, the memory is replaced by a type that does not support RPMB, and the product lifecycle is not otherwise guaranteed, the DRM can become compromised.
If you face difficult design choices due to a components shortage, our recommendation is to reevaluate the security of embedded devices at regular intervals, and to do delta evaluations before releasing a revision. Riscure has experience with testing the security of various embedded devices. Find out more about how Riscure can help you evaluate and secure your development on our website or reach out to us via firstname.lastname@example.org.