IoT Security – How to protect firmware from attack - Part 1 – #Day6 [TWT🏆]

SamWells · February 22, 2021, 10:31am

How to protect firmware from attack - Part 1

In the previous post – IoT Security – Hacking the Firmware #Day5 , we learn how to hack/reverse the firmware to exploit it, today let’s look at how to protect your IoT firmware from attack.

Remove IC Marking

In the old days, protecting your device from being hacked is as simple as scraping off the marking of the IC to make it hard for hacker to identify the IC thus harder to gather information and conduct attack, an IC with its marking removed looks like this,

Security Fuse

640

Modern microcontrollers usually have security fuse integrated to prevent data in the memory from being sent to the output buffer, in short it stops read back of the flash and EEPROM memory and the only way to reset the security fuse is to erase the entire chip, which in turn protect our firmware.

Security fues comes in both hardware form and software form, both have its merits and shortcomings. For example, hardware security fuese are easier to integrate to the IC as it doesn’t require modification to the IC design but it’s also easier to be located and attacked using invasive methods. Software fuses though, are harder to located and attacked as it’s store in the first block of the EEPROM and only when correct password is given then can you read back from that memor. However, this is also subjected to invasive attack like noise attack etc.

Top Metal Shield

640 (1)

Some microcontroller has metal shield integrated which would monitor for any kind of short circuit and open circuit – especially common in invasive attacks. Once detected, it will erase all the data on the memory.

This method is good at protecting IC from invasive attack, but it’s hard to design and also easily subjected to abnormalities such as high/low temprature, electromagnetic noise etc.

Bus Encryption

640 (2)
This method encrypted the data transmitted between the memory and CPU, even if attacker gain access to the data, without a valid key, they are unable to decrypt the data and make sense of it. Also, by making the keys unique to each device, it becomes almost impossible to hack and gain access to the sensitive information on the device.

However, its strength is also its weakness, because its so complex, IC with bus encryption tends to be a lot more expensive and harder to order in small volume, even development tools are more expensive and generally require signing NDA (Non Disclosure Agreement), also it usually comes with very limited I/O port, making it unsuitable for many applicaitons.

Topic		Replies	Views
IoT Security – Firmware Reverse Engineering – #Day4 [TWT🏆] Resources/資源 security	0	820	February 16, 2021
Persistent Data (eeprom) - RTL8720DN Arduino SDK rtl8720dn	6	561	May 21, 2021
Problem with partially erased default firmware on BW16 Technical Support	6	330	April 9, 2022
Help needed to erase the default firmware on a standalone BW16 Technical Support	18	1272	August 18, 2021
[Sharing] Which Serial to USB module is best for your DIY development board? (C340\|CP2102\|FT232) Sharing/分享 general , resource	2	3157	September 16, 2021