TY - GEN
T1 - Breaking all the things
T2 - 17th Smart Card Research and Advanced Application Conference
AU - Vasile, Sebastian
AU - Oswald, David
AU - Chothia, Tom
PY - 2019/3/7
Y1 - 2019/3/7
N2 - In this paper, we systematically review and categorize different hardware-based firmware extraction techniques, using 24 examples of real, wide-spread products, e.g. smart voice assistants (in particular Amazon Echo devices), alarm and access control systems, as well as home automation devices. We show that in over 45% of the cases, an exposed UART interface is sufficient to obtain a firmware dump, while in other cases, more complicated, yet still low-cost methods (e.g. JTAG or eMMC readout) are needed. In this regard, we perform an in-depth investigation of the security concept of the Amazon Echo Plus, which contains significant protection methods against hardware-level attacks. Based on the results of our study, we give recommendations for countermeasures to mitigate the respective methods.
AB - In this paper, we systematically review and categorize different hardware-based firmware extraction techniques, using 24 examples of real, wide-spread products, e.g. smart voice assistants (in particular Amazon Echo devices), alarm and access control systems, as well as home automation devices. We show that in over 45% of the cases, an exposed UART interface is sufficient to obtain a firmware dump, while in other cases, more complicated, yet still low-cost methods (e.g. JTAG or eMMC readout) are needed. In this regard, we perform an in-depth investigation of the security concept of the Amazon Echo Plus, which contains significant protection methods against hardware-level attacks. Based on the results of our study, we give recommendations for countermeasures to mitigate the respective methods.
UR - http://www.scopus.com/inward/record.url?scp=85070747026&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-15462-2_12
DO - 10.1007/978-3-030-15462-2_12
M3 - Conference contribution
T3 - Lecture Notes in Computer Science
SP - 171
EP - 185
BT - CARDIS 2018: Smart Card Research and Advanced Applications
PB - Springer
Y2 - 12 November 2018 through 14 November 2018
ER -