Qualcomm IPQ40xx: An Unexpected Cup of TEE

The Qualcomm IPQ40xx family of chips, which includes the IPQ4018, IPQ4019, IPQ4028 and IPQ4029, are popular System-on-Chip (SoC) solutions for …

Read more

Espressif ESP32: Bypassing Encrypted Secure Boot …

We arrived at the last post about our Fault Injection research on the ESP32. Please read our previous posts as it provides context to the results …

Read more

Espressif ESP32: Bypassing Flash Encryption (CVE-2020-15048)

In our previous post we described an attack where we load an arbitrary value indirectly into the PC register using EMFI. During that attack we …

Read more

Espressif ESP32: Controlling PC during Secure Boot

In our previous post we demonstrated that the ESP32 chip is vulnerable to EMFI. We used this to bypass the Secure Boot implementation of the ESP32. …

Read more

Fault Injection Reference Model (FIRM)

In today's world, physical access to a device is considered a significant threat as devices often play a central role for the underlying business …

Read more

Espressif ESP32: Bypassing Secure Boot using EMFI

Our research during the last few years definitely points out our interest in Fault Injection (FI) attacks. We produced numerous publications, which we …

Read more