Kévin Courdesses Breaks the ESP32-V3, ESP32-C3, and ESP32-C6 Wide Open with a Side-Channel Attack
"There is no software [or] hardware fix available," Espressif warns of vulnerabilities allowing for encrypted flash data exfiltration.
Hardware and embedded software engineer Kévin Courdesses has replicated research into breaking the flash encryption on selected Espressif ESP32 microcontrollers — including the ESP32-C3 and ESP32-C6 — using side-channel attacks to extract data and even bypass secure boot functionality.
"I recently read the Unlimited Results: Breaking Firmware Encryption of ESP32-V3 (Abdellatif et al., 2023) paper," Courdesses explains. "This paper is about breaking the firmware encryption feature of the ESP32 SoC [System on Chip] using a side-channel attack. This was an interesting read, and soon, I wanted to try to reproduce these results. To understand everything about this attack, I wanted to start from scratch, even if it meant sometimes reinventing the wheel."