We are excited to announce that two papers submitted by our IOActive research team have been accepted for WOOT ’25 (19th USENIX WOOT Conference on Offensive Technologies), taking place August 11 – 12 in Seattle, WA. You can find the titles and abstracts for the talks below.
Extraction of Secrets from 40nm CMOS Gate Dielectric Breakdown Antifuses by FIB Passive Voltage Contrast
Authors: Andrew D. Zonenberg, Antony Moor, Daniel Slone, Lain Agan, and Mario Cop, IOActive
Abstract: CMOS one-time-programmable (OTP) memories based on antifuses are widely used for storing small amounts of data (such as serial numbers, keys, and factory trimming) in integrated circuits due to their low cost, requiring no additional mask steps to fabricate.
Device manufacturers and IP vendors have claimed for years that antifuses are a “high security” memory which is significantly more difficult for an attacker to extract data from than other types of memory, such as Flash or mask ROM – however, as our results show, this is untrue.
In this paper, we demonstrate that data bits stored in a widely used antifuse block can be extracted by a semiconductor failure analysis technique known as passive voltage contrast (PVC) using a focused ion beam (FIB). The simple form of the attack demonstrated here recovers the bitwise OR of two physically adjacent memory rows sharing common metal 1 contacts; however, we have identified several potential mechanisms by which it may be possible to read the even and odd rows separately.
We demonstrate the attack on a commodity microcontroller made on the 40nm node and show how it can be used to extract significant quantities of sensitive data, such as keys for firmware encryption, in time scales which are very practical for real-world exploitation (1 day of sample prep plus a few hours of FIB time), with only a single target device required after initial reconnaissance has been completed on blank devices.
Security through Transparency: Tales from the RP2350 Hacking Challenge
Authors: Andrew Zonenberg, IOActive; Marius Muench, University of Birmingham; Aedan Cullen and Kévin Courdesses, Independent; Thomas ‘stacksmashing’ Roth, Hextree
Abstract: Security of Microcontroller Units (MCUs) is crucial for the modern computing landscape, as they often provide a root-of-trust to larger systems or are embedded in safety-critical applications. To prevent attackers from running unsigned code, many MCUs implement secure boot mechanisms.
One such MCU is the recently released RP2350, which combines secure boot with additional hardware features to protect against fault injection attacks. In this paper, we demonstrate the possibility of fault injection and secret extraction attacks despite the presence of dedicated countermeasures.
We showcase five different attacks that break the secure boot guarantees of a locked down RP2350 chip. Our attacks leverage voltage, electromagnetic, and laser fault injection techniques. They allow us to bring back disabled CPU cores and debugging ports, boot unverified firmware images, bypass signature verification checks, and provide unprivileged access to sensitive data. We further demonstrate direct extraction of antifuse memory contents using focused ion beam passive voltage contrast. To improve the MCU security landscape, we propose potential mitigations against our attacks and share our lessons learned with the community.
About the Conference: “The USENIX WOOT Conference on Offensive Technologies brings together both academics and practitioners in the field of offensive security research. Occurring annually since 2007, when it was first founded as the Workshop on Offensive Technologies, WOOT has become the top venue for collaboration between academia, independent hackers, and industry participants on offensive research. As offensive security has changed over the years to become a large-scale operation managed by well-capitalized actors, WOOT has consistently attracted a range of high-quality, peer-reviewed work from academia and industry on novel attacks, state-of-the-art tools, and offensive techniques.”