Unlimited Results: Breaking Firmware Encryption of ESP32-V3
ESP32 is one of the most widely used microcontrollers, and is present in hundreds of million devices such as IoT applications, mobile devices, hardware wallets, etc. In 2019, Limited Results published a fault injection attack at Black Hat Europe which resulted in breaking the security of ESP32-V1 chip family. Therefore, Espressif patched this vulnerability and then advised its customers to use ESP32-V3, which is a hardened silicon revision.
In this talk, we present an in-depth hardware security evaluation for ESP32-V3. The main goal of this evaluation is to extract the firmware encryption key in order to decrypt the encrypted flash content that may possibly contain secret data.
Presented by: Karim Abdellatif, Olivier Hériveaux & Adrian Thillard
Full Abstract and Presentation Materials: https://www.blackhat.com/us-22/briefings/schedule/#unlimited-results-breaking-firmware-encryption-of-esp-v-26345
Видео Unlimited Results: Breaking Firmware Encryption of ESP32-V3 канала Black Hat
In this talk, we present an in-depth hardware security evaluation for ESP32-V3. The main goal of this evaluation is to extract the firmware encryption key in order to decrypt the encrypted flash content that may possibly contain secret data.
Presented by: Karim Abdellatif, Olivier Hériveaux & Adrian Thillard
Full Abstract and Presentation Materials: https://www.blackhat.com/us-22/briefings/schedule/#unlimited-results-breaking-firmware-encryption-of-esp-v-26345
Видео Unlimited Results: Breaking Firmware Encryption of ESP32-V3 канала Black Hat
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Weaponizing Plain Text: ANSI Escape Sequences as a Forensic NightmareShuffle Up and Deal: Analyzing the Security of Automated Card ShufflersSmashing the State Machine: The True Potential of Web Race ConditionsJailbreaking an Electric Vehicle in 2023 or What It Means to Hotwire Tesla's x86-Based Seat HeaterScammers Who Scam Scammers, Hackers Who Hack Hackers: Exploring a Sub-economy on Cybercrime ForumsRet2page: The Art of Exploiting Use-After-Free Vulnerabilities in the Dedicated CacheAttack on Titan M, Reloaded: Vulnerability Research on a Modern Security ChipAttacks From a New Front Door in 4G & 5G Mobile NetworksAndroid Universal Root: Exploiting Mobile GPU / Command Queue DriversAAD Joined Machines - The New Lateral MovementA Journey Into Fuzzing WebAssembly Virtual MachinesA New Trend for the Blue Team: Using a Symbolic Engine to Detect Evasive Forms of Malware/RansomwareTrace Me if You Can: Bypassing Linux Syscall TracingMonitoring Surveillance Vendors: A Deep Dive into In-the-Wild Android Full Chains in 2021New Memory Forensics Techniques to Defeat Device Monitoring MalwareThe 8th Annual Black Hat USA NOC ReportBetter Privacy Through Offense: How To Build a Privacy Red TeamBackdooring and Hijacking Azure AD Accounts by Abusing External IdentitiesAutomatic Protocol Reverse EngineeringPwning Cloud Vendors with Untraditional PostgreSQL Vulnerabilities