uSec - Swiss-Based Side-Channel and Fault Attack Evaluation Company

Frequently Ask Questions

Why is it essential to assess side-channel and fault attacks for device security?



Side-channel and fault attacks have become increasingly accessible, making them a favored tool among hackers. These attacks have been successfully deployed against a wide array of devices, including Apple AirTag, Sony Playstation, Nordic chips, and numerous cryptowallets. By exploiting vulnerabilities in device hardware or software, side-channel and fault attacks can uncover highly sensitive information such as ROM code, secure storage contents, and cryptographic keys. This compromised data not only aids adversaries in scaling their attack models but also poses a significant threat to the security and integrity of the targeted devices and the data they contain.

What advantages does uSec offer?



uSec is a respected Swiss startup founded by individuals with over ten years of collective experience in industry and academia. Unlike large corporations, we focus on developing affordable attack solutions that mirror those utilized by real hackers. Our approach isn't limited to one specific method; instead, we combine a variety of techniques commonly seen in real-world situations. Additionally, our services are tailored to suit smaller businesses, thanks to our compact team structure.

What are the capabilities of side-channel and fault attacks in terms of authenticity, confidentiality, integrity, availability, and non-repudiation?



Authenticity:
Firmware/software authentication bypass: Allows unauthorized access.
Device identity spoofing: Can lead to impersonation.
Attestation bypass: Undermines verification integrity.
Confidentiality:
Extraction of user and corporate data: Compromises privacy.
Access to protected records: Exposes confidential data.
Recovery of sensitive keys: Jeopardizes security.
Integrity:
Data manipulation: Alters stored information.
Unauthorized code execution: Enables malicious actions.
Compromising firmware integrity: Leads to malfunctions.
Availability:
Denial-of-Service (DoS) attacks: Blocks access.
Device functionality disruptions: Causes malfunctions.
Non-repudiation:
Device cloning: Creates unauthorized duplicates.
Data falsification: Undermines authenticity.‍

Is it necessary for my device to undergo testing for side-channel and fault vulnerabilities?



Whether a device requires testing for side-channel and fault vulnerabilities hinges on its industry and the assets it contains. Semiconductor manufacturers often can't predict how their chips will be utilized. For instance, if a manufacturer incorporates encryption for external storage, and this feature is utilized in medical devices, a successful attack could result in the loss of critical patient data. Hence, semiconductor manufacturers should seriously contemplate side-channel and fault attacks in their security strategies. Similarly, device manufacturers employing third-party microcontrollers should prioritize safeguarding the assets within their devices. If the value of the asset surpasses the potential cost of an attack, prioritizing testing for side-channel and fault vulnerabilities becomes crucial.Additionally, side-channel and fault attacks can serve as a gateway to further scaling of attacks. Once code is extracted, attackers may reverse-engineer it to uncover scalable software vulnerabilities. Moreover, the code can be reused or cloned, presenting challenges in assessing the consequences of such attacks. Consequently, protection against these threats is paramount.

What types of devices are susceptible to side-channel and fault attacks?



Various types of semiconductor devices, including general-purpose microcontrollers, fast mobile chipsets, secure elements, trusted platform modules, and others, are vulnerable to side-channel and fault attacks. The susceptibility of a device depends on factors like the attacker's expertise, available equipment, investigation time, access to samples and documentation. In general, all semiconductor devices are prone to these attacks, highlighting the ongoing battle between protection measures and evolving attack methods. Real-world attackers often utilize a combination of techniques to access desired information, emphasizing the importance of creativity and motivation in addressing these security challenges.

Can side-channel and fault attacks be prevented or mitigated?



There are countermeasures available to address side-channel and fault attacks, but implementing them effectively can be challenging. Specialized knowledge is needed to ensure proper implementation, as protecting against one attack vector might inadvertently create vulnerabilities elsewhere. Additionally, many countermeasures are subject to patents, which can complicate the development of new solutions. Consulting with a specialized company is advisable to navigate these complexities effectively.

What are some real-world examples of devices compromised by side-channel and fault attacks?



Please consult the following resources:
https://limitedresults.com/
https://donjon.ledger.com/
https://fail0verflow.com/blog/

What should I do if I suspect my device has been targeted by a side-channel or fault attack?



Detecting side-channel and fault attacks is possible but highly challenging. In industries like smart cards, certain destructive countermeasures are implemented if anomalies are detected. However, these measures can sometimes be circumvented using other fault attack methods. Most consumer devices lack detection mechanisms for preventing side-channel and fault attacks, making it difficult to identify such incidents. Moreover, attackers may block communication with the device during the attack. If you suspect your device has been targeted by a side-channel or fault attack, such as through leaks of protected keys or firmware, it's essential to address these vulnerabilities promptly and seek assistance from a company specializing in device penetration testing.

Are there regulatory standards or compliance requirements related to side-channel and fault attack testing for certain industries?



Yes, there are several significant certifications, such as Common Criteria and FIPS, that address these types of attacks. Additionally, these attacks are now recognized by the Common Weakness Scoring System. However, it's important to note that certification processes do not guarantee device security; they merely demonstrate compliance and resistance to a specific group of evaluators. Real-world hackers can be more inventive and pose additional challenges.

Protect Your Hardware from Unseen Threats

Side-Channel and Fault Analysis

Device pentesting

Security Trainings

Development & review

Device Analysis

Security Assessment

Side-Channel & Fault Attacks

Development & Training

We guarantee the best evaluation services

Frequently Ask Questions

Let’s Talk About Your Problem

Subscribe to newsletters