Your Peripheral Has Planted Malware - An Exploit of NXP SOCs Vulnerability

There are billions of ARM Cortex M based SOC being deployed in embedded systems. Most of these devices are Internet ready and definitely security is always the main concern. Vendors would always apply security measurements into the ARM Cortex M product for few major reasons: 1) People will not be able to copy and replicate the product; 2) License control for the hardware and software; 3) Prevent malicious code injection in to the firmware. Vendors normally rely on the security measurements built within the chip (unique ID number/signature) or security measurements built around the chip (secure boot).

In this talk, we will share the ARM Cortex M SOC vulnerability that we discovered and it will be two parts:

The first is security measurement build within the SOC and how we break it. We could gain control of changing the SOC unique ID and write the firmware or even turn the device into a trojan or bot.

The second is security measure built around the SOC and how we break the Secure Boot elements and write into the firmware.

Speakers:


  • Yuwei Zheng, Senior Security Researcher, Unicorn Team, 360 Technology
  • Shaokun Cao, Freelance Security Researcher
  • Yunding Jian, Senior Security Researcher, Unicorn Team, 360 Technology
  • Mingchuang Qun, Senior security researcher at the Radio Security Research Department of 360 Technology,


Yuwei Zheng
Yuwei Zheng is a senior security researcher at Radio Security Department of 360 Technology, core member of UnicornTeam. He is the core researcher of decryption blackberry project, which manage to decrypt Blackberry BBM, PIN message, and BIS secure mail without keys. He is currently focusing on the security research of cellular network, IoT system, and mobile baseband. He had presented his research works at top level security conferences like BlackHat, DEF CON, HITB etc.

Shaokun Cao
Shaokun Cao is a freelance Security researcher, a consultant of UnicornTeam. He is currently focusing on the chip-level security issues, such as microcode, ROM, bootloader, and firmware.

Yunding Jian
Yunding Jian is the co-founder of UnicornTeam. He is the leader of RocTeam in the Radio Security Research Department of 360 Technology. He is the designer of all pervious SyScan360 Conference badges. He also made serial presentations on Blackhat USA, Blackhat Europe & Asia (Arsenal) ,HITB about his hardware security research and design experience.

Mingchuang Qun
Mingchuang Qin is a senior security researcher at the Radio Security Research Department of 360 Technology,the core developer of Skyscan Wireless Intrusion and Prevention System,specializing in IoT and wireless device security. With rich experience in embedded system development, he is proficient in with WiFi and Bluetooth protocol analysis and vulnerability discovery.

Detailed Presentation:

(Source: DEF CON 26)
 
 

Views: 49

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform

© 2019   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service