Abu Dhabi-UAE – The Technology Innovation Institute (TII), a leading global scientific research center and the applied research pillar of Abu Dhabi’s Advanced Technology Research Council (ATRC), and Raelize, a globally-renowned cybersecurity entity, have reported a new vulnerability in Espressif’s ESP32 revision v3.0. The two entities identified the vulnerability by deploying an Electromagnetic Fault Injection (EMFI) attack to gain unauthorized access to the ROM’s Download Mode.

This is the first example of a successful Fault Injection (FI) attack where both Secure Boot and Flash Encryption are bypassed using a single glitch on a target specifically hardened against FI attacks.

Espressif is a multinational semiconductor company responsible for the creation and design of low-cost chipsets including the ESP32, a System-on-Chip (SoC) used in millions of devices that supports notable security features such as Secure Boot and Flash Encryption. In recent years, several security compromises due to FI attacks have been reported. Following the attack orchestrated by TII and Raelize, Espressif acknowledged the vulnerability and published a security advisory (AR2023-005), and in turn, CVE-2023-35818 was assigned by the CVE numbering authority. This assigned ID is a number that uniquely identifies the vulnerability discovered in the Common Vulnerabilities and Exposures (CVE) database, which is a list of publicly disclosed security vulnerabilities.

While Espressif’s ESP32 revision v3.0 was initially developed as a hardened solution to FI attacks, through a joint initiative, TII and Raelize carried out this novel FI attack against the SoC, which chains multiple vulnerabilities and utilizes a single EM glitch to infiltrate and further exploit the ROM’s Download Mode. The attack facilitates access to the unencrypted flash contents.

Highlighting the significance of this groundbreaking initiative, Dr. Najwa Aaraj, Chief Researcher, Cryptography Research Center (CRC) at TII, said: “We are pleased to report that our work leading to this CVE attests to our continuing efforts to enhance our cryptography ecosystem, thanks in part to our state-of-the-art Hardware Security Research lab – among the first in the MENA region capable of performing such highly advanced attacks and analyses. We are encouraged by the outcomes of this latest experiment and hope to continue building our capability and research know-how in the thriving domain of hardware security.”

Niek Timmers, Co-Founder, Raelize, said: “Similar to sophisticated software exploits, we regard Fault Injection attacks as a form of art, demanding a highly imaginative and creative mindset. At Raelize, we channel our technical expertise to pioneer the field of hardware security research, pushing the boundaries of innovation and excellence.”

The findings are part of TII and Raelize’s collaborative efforts in strengthening the cybersecurity landscape and driving robust cryptographic solutions – demonstrating their unbeatable credibility and capabilities as global leaders in the field of hardware security research.

About the Technology Innovation Institute (TII)

The Technology Innovation Institute (TII) is the dedicated applied research pillar of Abu Dhabi’s Advanced Technology Research Council (ATRC). TII is a pioneering global research and development center that focuses on applied research and new-age technology capabilities. The Institute has 10 dedicated research centers in advanced materials, autonomous robotics, cryptography, AI and digital science, directed energy, quantum, secure systems, propulsion and space, biotechnology, and renewable and sustainable energy.

By working with exceptional talent, universities, research institutions and industry partners from all over the world, the Institute connects an intellectual community and contributes to building an R&D ecosystem that reinforces the status of Abu Dhabi and the UAE as a global hub for innovation.

For more information, visit https://www.tii.ae/

About Raelize

Raelize is a leading device security company headquartered in the Netherlands. Founded by a team of seasoned device security experts with decades of collective experience in the field of device security. With a strong focus on hardware security, they offer a comprehensive range of services to their clients, including training, consultancy, and testing.

Through their research-driven activities, Raelize stands at the forefront of the industry, pushing the boundaries of hardware security. They actively contribute to the field by presenting their groundbreaking results at prestigious academic and industry conferences, consolidating their reputation as pioneers in the industry. Their commitment to excellence and dedication to advancing the state-of-the-art in device security makes them a trusted partner for organizations seeking robust and cutting-edge security expertise.

For more information, visit https://raelize.com/