It’s been quite a year already for security researchers disclosing groundbreaking research of the hacking variety, what with the iPhone USB-C controller hack and news of an evolving threat to 100 million macOS users, to name but two examples. Now you can add a third: a hack that circumvents high-security protection measures with the potential to extract confidential secrets, including encryption keys, from a Raspberry Pi. Here’s what you need to know and why you shouldn’t be too concerned just yet.
Exclusive: The Raspberry Pi RP2350 Microcontroller Hack
Security researchers from IOActive accepted the challenge set by Raspberry Pi at the DEF CON 2024 hacking convention to circumvent the signed boot process present in the A2 revision of the RP2350 microcontroller, a highly secure 32-bit dual ARM Cortex-M33 and Hazard3 RISC-V integrated circuit, in order to allow the execution of unsigned code and, using that access, to read secrets from the on-chip one-time programmable memory. That challenge ran from Aug. 8 until Dec. 31, 2024, but the details of a successful hack have only been published today. Here are the exclusive details from IOActive.
Dr. Andrew Zonenberg, a principal consultant at IOActive, led the research team of Antony Moor, Daniel Slone, Lain Agan and Mario Cop, and said that they “found a very unique attack vector for reading data out of antifuse memory, which we intend to further develop.” In a stark reminder of the seriousness of this research, Zonenberg concluded: “Those who rely on antifuse memory for confidentiality should immediately reassess their security posture.”
That the IOActive research team has demonstrated the ability to extract the contents of antifuse bit cells in the Raspberry Pi RP2350 microcontroller via an invasive physical attack is no mean feat. The RP2350 uses an off-the-shelf Synopsys antifuse memory block for storing secure boot keys and other sensitive configuration data. Synopsys describes the antifuse-based solution as a “proven, reliable and secure technology that has been widely adopted and used in a broad range of applications and markets.”
“We’re impressed with the work that IOActive have done on extracting secrets directly from the antifuse one-time programmable memory on our microcontroller products,” Eben Upton, CEO at Raspberry Pi said, “this is an innovative approach which likely affects a great many products in the market. Responsible disclosure of vulnerabilities of this sort helps semiconductor vendors like ourselves to build more secure products over time.”
Raspberry Pi RP2350 Compromise—A Very Expensive Hack
Here’s the real-world versus labs bit of the full attack methodology that leaves me thinking that this Raspberry Pi hack isn’t likely to impact users just yet. The attacker would need to be in physical possession of an RP2350 device, that’s a given, but the research team also confirmed they would need “access to semiconductor deprocessing equipment and a focused ion beam system to extract the contents of the antifuse bit cells as plaintext in a matter of days.” Which sounds kind of nerdy and scary simultaneously. However, the researchers admitted a FIB system is “a very expensive scientific instrument costing several hundred thousand dollars with operating expenses in the tens of thousands per year.”
But wait, this doesn’t mean this is just some kind of fantasy hack adventure. Such kit can be rented in a university lab for a few hundred dollars per hour, which is worth bearing in mind when considering immediate real-world impacts. The researchers pointed out that “this is low enough to be well within the realm of feasibility in many scenarios given the potential value of the keys in the device.” Indeed, in theory, the attack could be pulled off using a single device and within a couple of weeks of work time for a skilled hacker to “perform the initial reverse engineering and process development on blank or attacker-programmed test chips.” Actual target devices would take another day or two per chip to prepare the sample and extract a small amount of data such as a key, with a full fuse dump requiring an additional day of machine time for imaging of the entire array, the report said.
Raspberry Pi Hack Means You Need To Reassess Your Confidential Data Risk, IOActive Warned
“The fully-invasive antifuse memory reading technique we demonstrated with the example RP2350 can very likely be utilized against other types of antifuse memories,” IOActive’s senior vice president of research and strategy, John Sheehy, told me, “which are frequently used to store small amounts of infrequently changing data and may include sensitive data requiring confidentiality such as shared or private cryptographic keys.”
Everyone using antifuse-based memories to store confidential data should reassess their risks from this novel attack vector, Sheehy warned, adding that “those who assumed it was extremely difficult or impossible to read data out of antifuse-based memories likely have significant risk to this type of attack.”
Sheehy said that, based on the current maturity of the IOActive hack attack technique, he assessed users of these products could act to make this attack much more costly and therefore less likely to be executed by adjusting how they write sensitive data to these types of antifuse-based memories. “We detail our general recommendation for this in the full disclosure report,” Sheehy said, concluding, “we have been in communication with Raspberry Pi, and they were extremely responsive and professional regarding the disclosure.”
I have reached out to Synopsys for a statement regarding the Raspberry Pi RP2350 antifuse memory hack.