Pwn the ESP32 Forever: Flash Encryption and Sec. Boot Keys Extraction

brp80000
Posts: 138
Joined: Thu Oct 04, 2018 7:13 pm

Pwn the ESP32 Forever: Flash Encryption and Sec. Boot Keys Extraction

Postby brp80000 » Sun Mar 08, 2020 6:14 pm

I'm very concerned.
https://limitedresults.com/2019/11/pwn- ... xtraction/

Opening the ESP32 is performed by resetting the fuse bits stored in the chip at the start, which do not allow further reading of the encryption key. This is done by briefly 'turning off' the power, after which the keys in eFuse are available for reading.
The error is in the fact that the chip should set the closed state in the triggers by default.

Maybe it is possible to completely disable the COM port? Then it would be better able to resist the attack.

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: Pwn the ESP32 Forever: Flash Encryption and Sec. Boot Keys Extraction

Postby ESP_Angus » Sun Mar 08, 2020 10:30 pm

Hi brp,

There is a security advisory and an impact analysis document available about this attack, you may find the information useful:
https://www.espressif.com/en/news/Secur ... rotections
https://www.espressif.com/en/news/ESP32_FIA_Analysis

As well as additional protections against fault injection, the ESP32 ECO V3 revisions mentioned in these documents also include an option to disable the UART download mode entirely.
