Although security is quite well-understood on higher-end embedded systems like routers and mobile phones, microcontroller security is still stuck in the dark ages of computing. The security of most contemporary connected microcontroller-based devices is on par with the security models of early networked MS-DOS systems from the 80’s. This talk presents an overview of microcontroller system security and the peculiarities of microcontroller targets to show how these can be exploited. Happy hunting!

1. Tower defense for hackers:
Layered (in-)security for
microcontrollers
Milosch Meriac
meriac.com
@FoolsDelight

2. My Open
Software &
Hardware
Projects
meriac.com
P
O p e n P C D . o r g
f
O p e n P I C C . o r g

3. O p e n B e a c o n . o r g X b o x L i n u x C o r e T e a m
B l i n k e n l i g h t s
S t e r e o s c o p e

4. My
project at
ARM Ltd.
ARMmbed uVisor
on github
d
P r i n c i p a l S e c u r i t y E n g i n e e r

5. Security
+ Time
= Comedy
D E V I C E L I F E T I M E
w
A T T A C K S S C A L E W E L L
U
Y O U C A N ’ T S T O P I T
!

6. It’s insane fun to be
a security troll.
B E E N T H E R E , D O N E T H A T !

7. M y f a v o u r i t e : “ H e a r t o f D a r k n e s s - e x p l o r i n g t h e u n c h a r t e d
b a c k w a t e r s o f H I D i C L A S S T M s e c u r i t y ”

8. If we believe that
security requires a sound
architecture from the start, we
must stop trolling the result,
and start trolling the architecture.
B E A G O O D C I T I Z E N !
S H O W T H E M H O W T O D O I T R I G H T
C R E A T E B E S T - P R A C T I C E I o T S O L U T I O N S R U N N I N G O N U N T R U S T E D C L O U D S Y S T E M S
A N D E X E R C I S E E N D - T O - E N D E N C R Y P T I O N

9. Why is
Microcontroller
Security so hard?

10. The ugly truth™ is that
makers must find all flaws –
attackers only have to find one.
B R E A K I N G A S Y S T E M I S E A S Y .
F I X I N G A S Y S T E M I S H A R D .

11. L
MMU-LESS
ARCHITECTURES
w
LIMITED COMPUTING
POWER & MEMORY
z
RANDOM NUMBER
GENERATION
f
INTERNAL STORAGE
Security from the 80’s for today’s threats

12. “It ain’t what you don’t know
that gets you into trouble. It’s
what you know for sure that
just ain’t.”
M A R K T W A I N

13. Flat memory
models
N O S E P A R A T I O N

E S C A L A T I O N
F
V E R I F I C A T I O N
#
L E A K A G E
H

14. § Hypervisor with hardware-enforced security sandboxes
using MPU virtualization – no MMU needed.
§ Targeting ARM Cortex-M3/M4 microcontrollers
§ Apache Licensed github project in development –
integrated with ARM mbed and Keil RTX, (also Apache-
licensed)
§ Mutually distrustful security model:
§ Principle of Least Privilege
§ Boxes are protected against each other and drivers
§ Enforces API entry points across boxes
§ Box-API functionality can be restricted to specific
boxes: “Box caller ID”
§ Per-box access control lists (ACL)
§ Restrict access to selected peripherals like Flash to avoid
malware persistence
§ Remote Procedure Call API (RPC) for secure box-
box calls
Example: uVisor for microcontrollers

15. Resources
matter
P U B L I C K E Y C R Y P T O
9
S H O R T C U T S
l
C O M M U N I C A T I O N
V

16. Device power
consumption:
The perfect tool
for understanding
device operation

17. Random,
or not?
T I M E I S N O T R A N D O M
v
P R N G v s . T R N G

P R N G R E Q U I R E M E N T S
X
r a n d ( ) i s n o t r a n d o m

18. C O D E F R O M A D A T A B A S E A P P L I C A T I O N U S E D
B Y T H E G E R M A N G O V E R N M E N T
F O R S E C U R I T Y A U D I T M A N A G E M E N T
3 0 C 3 T a l k

19. Storage,
seriously?
O U T O F M E M O R Y
U
D A T A S E C U R E , T O O ?
extracted
indirectly
stepping through existing code
F
S I D E C H A N N E L S
H
r a n d ( ) i s n o t r a n d o m
R e a d p r o t e c t i o n b y p a s s

20. Case Study: Secure Firmware Update
Exposed box with
communication stack
GAP
GATT
AP
BLE LL
Bluetooth
Communicatio
n Stack
Flash interface box protected by MPU access control –
without own communication stack
CustomApplicationCode
Opaque Block
, Messages delivered independently of communication stacks
Firmware
update blocks
FW005
Firmware Update Image
Secure Storage,
Firmware Update Blocks
Re-flash Untrusted
Application Upon Completion
Opaque
Secured and trusted
device process
Decrypt
and verify
using
DTLS
§ Flash access is exclusive to the firmware update
core service.
§ Using the MPU for blocking access to the flash
controller to everybody but the firmware
update service.
§ Malware is forced to use APIs to attempt writing
to flash
§ Public Key signatures of the device owner or manufacturer
are required for API to accept an update.
§ Firmware is downloaded piece by piece into secure
storage. The system reboots after initial verification into a
boot loader for copying the new firmware into its actual
position in internal flash.
§ The internal firmware is activated after final verification.
§ Crypto watchdog box enforces remote updates
even for infected devices as only the server can
re-trigger the watchdog with its cryptographic
secret.

21. And now for something
completely
different…

22. An 180°C PTC heater from
AliExpress: $4

23. 180°C PTC heater from AliExpress: $4… taped to a ceramic plate
with Kapton tape ...
… and a superglued
screw-cap: $5

24. … and a superglued
screw-cap: $5
Decapping chips with
cheap, non-toxic
DiMethyl SulfOxide:
PRICELESS!

25. Keep on trollin’
Keep on breakin’
One fine day you’ll gonna be the one
To make us understand
Oh yeah
THANKS!
S O N G B Y T H E S P E N C E R
D A V I S G R O U P