{"guid":"5337766f-3676-4a2a-b1f6-4bd66b4d71af","title":"Tales from Hardware Security Research","subtitle":"From Research over Vulnerability Discovery to Public Disclosure","slug":"Camp2019-10292-tales_from_hardware_security_research","link":"https://fahrplan.events.ccc.de/camp/2019/Fahrplan/events/10292.html","description":"Almost every microcontroller features firmware readout protection. It aims at securing the code, algorithms, and cryptographic keys against unauthorized access. Despite datasheets are promising strong security, our research shows that this is often far from being true. In this talk we want to shed light onto the \"why?\" and especially \"how?\" we approach the security testing of such protection mechanisms. Furthermore, we will talk about our attempts, discussions, and hassles from the vulnerability disclosure process - from successful ones to dead ends.\n\nSince several years, we, Johannes and Marc, do practical research in the field of embedded system security at a research institute. In this talk, we want to give an insight into the daily work as hardware security researchers. This ranges from giving recommendations on how to secure systems up to verifying microcontroller security in real environments. However, no practical experience and information on the resilience of common microcontrollers is publicly available - a gap we want to close. Especially when trying to make use of the integrated security features, their effectiveness often collapses quickly due to design weaknesses.\n\nOur focus lies on firmware protection mechanisms since they often are the root of security in embedded systems.\nDuring our research we were able to circumvent several mechanisms implemented from different manufacturers.\nIn most cases, each attack requires only low-priced equipment, thereby increasing the impact of each weakness and resulting in a severe threat altogether.\nWe will present one of those attacks, which can be performed within minutes, on stage.\n\nDue to the severe impact of these results, we immediately informed the manufacturers in a coordinated disclosure process.\nHowever, this is often not as simple as expected and maybe even risky.\nIn this talk we will shortly state the chosen approach and will then compare our expectations on coordinated disclosure with the real reactions of the addressed manufacturers - ranging from a friendly discussion, over tricking-into-NDA, up to ghosting.\n\nFinally we will give some ideas on how to read between the lines in datasheets. Additionally, we will outline the legal gray area of applied security research in academia.","original_language":"eng","persons":["Johannes","marc"],"view_count":493,"promoted":false,"date":"2019-08-22T00:00:00.000+02:00","release_date":"2019-08-24T02:00:00.000+02:00","updated_at":"2026-02-01T20:45:12.018+01:00","tags":["camp19","10292","Security"],"length":2752,"duration":2752,"thumb_url":"https://static.media.ccc.de/media/conferences/camp2019/10292-hd.jpg","poster_url":"https://static.media.ccc.de/media/conferences/camp2019/10292-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/conferences/camp2019/10292-hd.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/conferences/camp2019/10292-hd.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/Camp2019-10292-tales_from_hardware_security_research","url":"https://api.media.ccc.de/public/events/5337766f-3676-4a2a-b1f6-4bd66b4d71af","conference_title":"Chaos Communication Camp 2019","conference_url":"https://api.media.ccc.de/public/conferences/camp2019","related":[{"event_id":7368,"event_guid":"e1b56229-fb1e-480c-9691-c137ec11ee51","weight":15},{"event_id":7369,"event_guid":"f7df9294-6e67-4def-bf45-441663d489f6","weight":19},{"event_id":7374,"event_guid":"4965ee72-6d7b-4e68-85f7-4d6c4f0c9041","weight":17},{"event_id":7379,"event_guid":"0c8f7472-290c-4bdf-bff0-4a7ce16c4f84","weight":9},{"event_id":7381,"event_guid":"e988c76b-3a47-46de-a2c7-77c49a5e731b","weight":25},{"event_id":7384,"event_guid":"8e743367-04a1-4232-ab03-a54fc210e548","weight":15},{"event_id":7386,"event_guid":"9b7f0485-2ff1-4302-b1b7-98cbc8b502f4","weight":17},{"event_id":7387,"event_guid":"8dc5712b-c14d-4aa0-9aa2-e598bbfc6a6d","weight":18},{"event_id":7389,"event_guid":"ed4b6c75-14f4-49fe-a11e-3762bd6b54e3","weight":11},{"event_id":7391,"event_guid":"823efec2-9c83-45d6-bec9-6a07db561cc2","weight":10},{"event_id":7393,"event_guid":"a9b096f5-3db7-4c83-af7c-289afa1d886c","weight":11},{"event_id":7395,"event_guid":"95a8ea24-a2dd-479f-86fd-6e96ce66a47e","weight":15},{"event_id":7396,"event_guid":"ffe2c816-e1d4-4457-8a2d-6c953cc3de17","weight":11},{"event_id":7397,"event_guid":"f650773d-d9df-4050-814c-a9505c439b30","weight":13},{"event_id":7401,"event_guid":"9e141f51-1fd3-482b-8af8-92f7f65653f7","weight":19},{"event_id":7403,"event_guid":"8f17b808-466d-4aa9-8bac-a2b3afcdf0a2","weight":18},{"event_id":7404,"event_guid":"d219432f-68ed-4162-8e7a-1d53a3e3e17c","weight":11},{"event_id":7407,"event_guid":"d1d313f5-926b-5357-b764-4c85cb9dddfc","weight":11},{"event_id":7412,"event_guid":"0ef9486d-7f7a-5298-9042-3e55c19768d2","weight":17},{"event_id":7413,"event_guid":"4ea406aa-1c4b-5694-b1aa-f86dd3057d8a","weight":15},{"event_id":7416,"event_guid":"f0730982-2990-418e-9b15-20a6b9e86dd2","weight":16},{"event_id":7420,"event_guid":"260ac343-6ccd-4652-8667-adf4e6d5cdeb","weight":19},{"event_id":7425,"event_guid":"06bcc268-f0db-48dc-963d-d3d54c6769a8","weight":29}],"recordings":[{"size":221,"length":2752,"mime_type":"video/mp4","language":"eng","filename":"camp19-10292-eng-Tales_from_Hardware_Security_Research.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-08-24T13:27:38.850+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/h264-hd/camp19-10292-eng-Tales_from_Hardware_Security_Research.mp4","url":"https://api.media.ccc.de/public/recordings/37518","event_url":"https://api.media.ccc.de/public/events/5337766f-3676-4a2a-b1f6-4bd66b4d71af","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":221,"length":2752,"mime_type":"video/mp4","language":"deu","filename":"camp19-10292-deu-Tales_from_Hardware_Security_Research.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-08-24T13:27:47.913+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/h264-hd/camp19-10292-deu-Tales_from_Hardware_Security_Research.mp4","url":"https://api.media.ccc.de/public/recordings/37519","event_url":"https://api.media.ccc.de/public/events/5337766f-3676-4a2a-b1f6-4bd66b4d71af","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":322,"length":2752,"mime_type":"video/mp4","language":"eng-deu","filename":"camp19-10292-eng-deu-Tales_from_Hardware_Security_Research_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-08-24T13:27:57.083+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/h264-hd/camp19-10292-eng-deu-Tales_from_Hardware_Security_Research_hd.mp4","url":"https://api.media.ccc.de/public/recordings/37520","event_url":"https://api.media.ccc.de/public/events/5337766f-3676-4a2a-b1f6-4bd66b4d71af","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":41,"length":2741,"mime_type":"audio/mpeg","language":"eng","filename":"camp19-10292-eng-Tales_from_Hardware_Security_Research_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2019-08-24T13:28:44.048+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/mp3/camp19-10292-eng-Tales_from_Hardware_Security_Research_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/37522","event_url":"https://api.media.ccc.de/public/events/5337766f-3676-4a2a-b1f6-4bd66b4d71af","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":30,"length":2741,"mime_type":"audio/opus","language":"eng","filename":"camp19-10292-eng-Tales_from_Hardware_Security_Research_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2019-08-24T13:29:04.572+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/opus/camp19-10292-eng-Tales_from_Hardware_Security_Research_opus.opus","url":"https://api.media.ccc.de/public/recordings/37523","event_url":"https://api.media.ccc.de/public/events/5337766f-3676-4a2a-b1f6-4bd66b4d71af","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":145,"length":2752,"mime_type":"video/mp4","language":"eng-deu","filename":"camp19-10292-eng-deu-Tales_from_Hardware_Security_Research_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2019-08-24T13:32:09.268+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/h264-sd/camp19-10292-eng-deu-Tales_from_Hardware_Security_Research_sd.mp4","url":"https://api.media.ccc.de/public/recordings/37524","event_url":"https://api.media.ccc.de/public/events/5337766f-3676-4a2a-b1f6-4bd66b4d71af","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":166,"length":2752,"mime_type":"video/webm","language":"eng-deu","filename":"camp19-10292-eng-deu-Tales_from_Hardware_Security_Research_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2019-08-24T13:48:38.757+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/webm-sd/camp19-10292-eng-deu-Tales_from_Hardware_Security_Research_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/37526","event_url":"https://api.media.ccc.de/public/events/5337766f-3676-4a2a-b1f6-4bd66b4d71af","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"},{"size":402,"length":2752,"mime_type":"video/webm","language":"eng-deu","filename":"camp19-10292-eng-deu-Tales_from_Hardware_Security_Research_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2019-08-24T14:07:45.084+02:00","recording_url":"https://cdn.media.ccc.de/events/camp2019/webm-hd/camp19-10292-eng-deu-Tales_from_Hardware_Security_Research_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/37527","event_url":"https://api.media.ccc.de/public/events/5337766f-3676-4a2a-b1f6-4bd66b4d71af","conference_url":"https://api.media.ccc.de/public/conferences/camp2019"}]}