
IIT Kharagpur develops a technology to bypass signature verification through electromagnetic fault injection

January 16, 2023


West Bengal, India: Researchers and engineers of the Secured Embedded Architecture Lab (SEAL) at IIT Kharagpur were able to overcome the signature check on a Raspberry Pi 3 device using a glitch attack based on electromagnetic fault injection. An unprotected memory-access operation in optee_os in TrustedFirmware Open Portable Trusted Execution Environment (OP-TEE) before 3.20 allows a physically proximate adversary to bypass signature verification and install malicious trusted applications via electromagnetic fault injection. OP-TEE is an open-source Trusted Execution Environment (TEE) implementing the Arm TrustZone technology. OP-TEE has been ported to many Arm devices and platforms used in Internet of Things (IoT) solutions.

Various software companies implement different levels of countermeasures against fault injection attacks. However, the team from SEAL IIT Kharagpur, comprising PhD students Nimish Mishra and Anirban Chakraborty and Prof. Debdeep Mukhopadhyay of the Department of Computer Science and Engineering, was able to defeat these countermeasures by narrowing the attack down to individual assembly instructions, allowing them to target the victim device very precisely. This bypasses the integrity checks of the “trusted” system, so that attacker-supplied code runs with the same privilege as security-sensitive code (such as a password manager or biometric manager). Malicious code running at that level can steal encryption keys stored securely inside the “trusted” software, leaking the user's private data.

Shanti Swarup Bhatnagar Awardee Prof. Debdeep Mukhopadhyay remarked, “As the IoT devices are getting more and more ubiquitous and hence physically accessible by adversaries, they can offer attack surfaces which can be of catastrophic consequences if not identified and mitigated”. Through a side-channel attack using electromagnetic pulse injection, the researchers were able to clear registers, forcing the register value to all zeroes. Because OP-TEE’s TEE_SUCCESS value is defined as 0x00000000, the attack fooled the signature check into believing it had a valid signature. The OP-TEE project has already investigated various software mitigation patterns.
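A software model of the failure described above, added here as an illustration and not code from OP-TEE or the SEAL researchers: a check that reports TEE_SUCCESS as 0 is accepted once the result register is cleared, while a check whose success value is a non-zero constant carried with its complement is not. The register-clearing fault model, the hardened pattern and the sample signature bytes are constructed assumptions, not OP-TEE's actual mitigation.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* GlobalPlatform TEE return codes; success is the all-zero word the article cites. */
#define TEE_SUCCESS        0x00000000u
#define TEE_ERROR_SECURITY 0xFFFF000Fu

/* Constructed sample signatures: the expected value and a forged one. */
static const uint8_t SIG_GOOD[4] = { 0xDE, 0xAD, 0xBE, 0xEF };
static const uint8_t SIG_BAD[4]  = { 0x00, 0x11, 0x22, 0x33 };
/* Weak pattern: a stand-in check returns TEE_SUCCESS (0) on a match and the
 * caller tests that single word. 'glitched' applies the article's fault model:
 * the register carrying the verdict is cleared to zero before it is read. */
static uint32_t verify_weak(const uint8_t *got, const uint8_t *want, size_t n)
{
    return memcmp(got, want, n) == 0 ? TEE_SUCCESS : TEE_ERROR_SECURITY;
}

bool weak_loader_accepts(const uint8_t *got, const uint8_t *want, size_t n, bool glitched)
{
    uint32_t res = verify_weak(got, want, n);
    if (glitched) res = 0u;       /* cleared register == TEE_SUCCESS */
    return res == TEE_SUCCESS;    /* a forged signature now passes */
}
/* Hardened pattern (assumed, modelled on common fault-injection countermeasures,
 * not OP-TEE's actual patch): success is a non-zero constant carried with its
 * bitwise complement, and the caller makes redundant, mutually consistent tests. */
#define OK_MAGIC   0x5A3C96C3u
#define OK_MAGIC_C (~OK_MAGIC)
struct verdict { uint32_t v; uint32_t v_inv; };

static struct verdict verify_hardened(const uint8_t *got, const uint8_t *want, size_t n)
{
    struct verdict out = { 0u, 0u };          /* default encodes failure */
    if (memcmp(got, want, n) == 0) {
        out.v = OK_MAGIC;
        out.v_inv = OK_MAGIC_C;
    }
    return out;
}

bool hardened_loader_accepts(const uint8_t *got, const uint8_t *want, size_t n, bool glitched)
{
    struct verdict vd = verify_hardened(got, want, n);
    if (glitched) vd.v = vd.v_inv = 0u;       /* same fault: both words cleared */
    if (vd.v != OK_MAGIC) return false;       /* zero no longer means success */
    if (vd.v_inv != OK_MAGIC_C) return false;
    return (vd.v ^ vd.v_inv) == 0xFFFFFFFFu;  /* the two words must agree */
}
```

A real compiler may fold the redundant tests unless the values are kept volatile or the checks are written in assembly; the point of the model is the success encoding, not the exact control flow.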

Following responsible disclosure of the vulnerability, the SEAL researchers worked closely with the product’s vendor to implement the mitigation and countermeasure for the attack. The SEAL team found the mitigation patches to provide a sufficient level of security against the proposed attack vectors. The attack has been assigned a Common Vulnerabilities and Exposures number (CVE-2022-47549) with a score of 6.4/10 (Medium severity rating) in the NIST NVD database (which is a collection of all the attacks published in a year).

Raspberry Pi is a series of small single-board computers (SBCs) developed in the United Kingdom by the Raspberry Pi Foundation in association with Broadcom. It is widely used in many areas of critical public infrastructure, such as weather monitoring, smart homes and smart power grids, because of its low cost, modularity and open design.
