Jane Lo, Singapore Correspondent speaks with Sandro Pinto, Associate Research Professor and Cristiano Rodrigues, PhD candidate of the University of Minho, Portugal.
Sandro holds a PhD in Electronics and Computer Engineering. Sandro has a deep academic background and several years of industry collaboration focusing on operating systems, virtualization, and security for embedded, cyber-physical, and IoT-based systems. He has published 70+ scientific papers in top-tier conferences/journals (e.g., IEEE S&P, USENIX Security) and is a skilled presenter with speaking experience in several academic and industrial conferences (e.g., Black Hat Asia, Hardwear.io, RISC-V Summit, Embedded World). Sandro is a long-term supporter of open-source projects and is currently helping several companies and institutions to make security practical at scale.
Cristiano Rodrigues is a PhD candidate at the University of Minho in Portugal, with a master’s degree in Electronic and Computer Engineering. Cristiano is a driven and skilled individual with extensive expertise in ardware/software co-design, safety-critical systems, trusted execution environments for microcontrollers, Armv8-M TrustZone, and embedded security for IoT-based systems.
In this interview, Sandro and Cristiano gave highlights of their talk on a novel class of microarchitectural timing side-channel attacks affecting MCUs.
They shared that while the discovery of Spectre and Meltdown side channel attacks exposed the potential side channel attacks on hidden transient states, there is one class of computing systems apparently is resilient to these attacks: microcontrollers (MCUs).
Sandro introduced that MCUs are at the heart of embedded and IoT device (such as smart watches, IoT home devices), and as such resource constraint in terms of computing power, memory and power consumption.
As such, he said there is a common belief that MCUs are not vulnerable to such attacks as Spectre or Meltdown, as MCUs microarchitecture is intrinsically simple – compared to the more complex microprocessors powering Cloud infrastructure, server, desktops and hence more vulnerable to side channel attacks.
Sandro and Cristiano demonstrated the fallacy of this assumption through their attack on a Smart IoT lock.
By mounting a side channel (timing) attack on a Smart lock application (that for example unlock a vault or a door), they were able to retrieve the secret PIN.
Sandro also reflected on the challenges and shared some thoughts on increasing the sophistication of the attack (e.g. remote access, alleviate the need for access to code, scaling to multiple types of microcontrollers).
Wrapping up, he stressed that sharing the results of their work is part of responsible disclosure, and advised consumers who buy IoT devices with affected microcontrollers to look out for potential announcements from manufacturers. (For an example of a follow-up action from a manufacturer ARM, see: https://developer.arm.com/documentation/ka005578/latest/)
Recorded 11th May 2023, 12noon, Black Hat Asia 2023, Singapore Marina Bay Sands