Unlimited Results: Breaking Firmware Encryption of ESP32-V3
ESP32 is one of the most widely used microcontrollers, and is present in hundreds of million devices such as IoT applications, mobile devices, hardware wallets, etc. In 2019, Limited Results published a fault injection attack at Black Hat Europe which resulted in breaking the security of ESP32-V1 chip family. Therefore, Espressif patched this vulnerability and then advised its customers to use ESP32-V3, which is a hardened silicon revision.
In this talk, we present an in-depth hardware security evaluation for ESP32-V3. The main goal of this evaluation is to extract the firmware encryption key in order to decrypt the encrypted flash content that may possibly contain secret data.
Presented by: Karim Abdellatif, Olivier Hériveaux & Adrian Thillard
Full Abstract and Presentation Materials: https://www.blackhat.com/us-22/briefings/schedule/#unlimited-results-breaking-firmware-encryption-of-esp-v-26345
Видео Unlimited Results: Breaking Firmware Encryption of ESP32-V3 канала Black Hat
In this talk, we present an in-depth hardware security evaluation for ESP32-V3. The main goal of this evaluation is to extract the firmware encryption key in order to decrypt the encrypted flash content that may possibly contain secret data.
Presented by: Karim Abdellatif, Olivier Hériveaux & Adrian Thillard
Full Abstract and Presentation Materials: https://www.blackhat.com/us-22/briefings/schedule/#unlimited-results-breaking-firmware-encryption-of-esp-v-26345
Видео Unlimited Results: Breaking Firmware Encryption of ESP32-V3 канала Black Hat
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Weaponizing Plain Text: ANSI Escape Sequences as a Forensic Nightmare
Shuffle Up and Deal: Analyzing the Security of Automated Card Shufflers
Smashing the State Machine: The True Potential of Web Race Conditions
Jailbreaking an Electric Vehicle in 2023 or What It Means to Hotwire Tesla's x86-Based Seat Heater
Scammers Who Scam Scammers, Hackers Who Hack Hackers: Exploring a Sub-economy on Cybercrime Forums
Ret2page: The Art of Exploiting Use-After-Free Vulnerabilities in the Dedicated Cache
Attack on Titan M, Reloaded: Vulnerability Research on a Modern Security Chip
Attacks From a New Front Door in 4G & 5G Mobile Networks
Android Universal Root: Exploiting Mobile GPU / Command Queue Drivers
AAD Joined Machines - The New Lateral Movement
A Journey Into Fuzzing WebAssembly Virtual Machines
A New Trend for the Blue Team: Using a Symbolic Engine to Detect Evasive Forms of Malware/Ransomware
Trace Me if You Can: Bypassing Linux Syscall Tracing
Monitoring Surveillance Vendors: A Deep Dive into In-the-Wild Android Full Chains in 2021
New Memory Forensics Techniques to Defeat Device Monitoring Malware
The 8th Annual Black Hat USA NOC Report
Better Privacy Through Offense: How To Build a Privacy Red Team
Backdooring and Hijacking Azure AD Accounts by Abusing External Identities
Automatic Protocol Reverse Engineering
Pwning Cloud Vendors with Untraditional PostgreSQL Vulnerabilities