Ensuring IoT Security Against Side Channel Attacks for ESP32

By Rohan Panesar, Marketing Assistant and Anthony Elder, VP Technology Solutions at Crypto Quantique. This blog discusses a hardware vulnerability in ESP32s and how QuarkLink mitigates this.

ESP32 boards are the building blocks for many IoT devices today, with applications spanning smart home, healthcare, IIoT and beyond. Espressif have held the number one position for market share in Wi-Fi MCUs, worldwide, for the past 6 years. They come with reasonable security functionality, as the latest C3/C6 products both include secure boot and flash encryption among other features.

A hardware vulnerability has been identified in the ESP32-C3 and ESP32-C6 chips. This vulnerability allows an attacker to compromise the secure boot and flash encryption, meaning sensitive data such as passwords or cryptographic keys can be extracted.

This attack uses a technique known as Correlation Power Analysis, a form of side channel attack, to extract the encryption key from the first flash block. Attackers can then use a buffer overflow exploit using a fault injection technique in ROM code to load and execute shellcode in the internal memory; bypassing the device secure boot.

Espressif’s security advisory makes clear that this attack requires significant expertise and time as it is a complicated, invasive attack, but, there is currently no hardware or software fixes available. The reason this attack is successful is that security measures often aren’t taken far enough, and in this case secrets were stored in flash and accessible using this vulnerability; this would be mitigated by adopting a secure by design approach as sensitive data should not be unnecessarily exposed.

IoT security features provided in our QuarkLink device management platform mitigates this risk by not storing secrets in flash. Instead, we leverage hardware security features like secure elements or the ESP32’s Digital Signature and HMAC peripheral to keep keys and credentials safe, even with compromised flash.

By using Quarklink with ESP32 chips, your keys remain protected from this attack. Our combination of not storing secrets in flash and using hardware security primitives keeps your devices and data secure.

This showcases how Quarklink’s design defends against emerging threats like side channel attacks. If you use ESP32s, Quarklink can help protect and manage your IoT systems. Try QuarkLink Ignite for free today and to see our supported devices check out our GitHub.