New Side-Channel Attack on ARM: Implications for IoT Security

15-05-2023 | By Robin Mitchell

Recently, researchers demonstrated a new side-channel attack against ARM TrustZone at the Black Hat Asia conference, but ARM has stated that the attack provides little threat to current ARM cores. What challenges do side-channel attacks present, what exactly was demonstrated at Black Hat Asia, and why could such a discovery present a major threat to the IoT industry?

What challenges do side-channel attacks present?

For as long as computers have existed, there have been those with malicious intent who see computers as a means to do harm. In fact, some of the first operating systems, even before the development of the Internet, had to deploy password protection mechanisms to prevent unauthorised access to materials. Of course, during this time, hackers would have to resort to either correctly guessing the password, breaking into offices to find password books, or using social engineering techniques to try and trick users into giving out their credentials. 

These attacks have grown in complexity over the years, heavily relying on software to replicate programs (such as viruses), install backdoor access (trojans), and even hold data for ransom via encryption (ransomware). To defend against these attacks, engineers and software developers have turned to numerous techniques, including software scanners that look for suspicious code and hardware systems that identify suspicious code activity and memory access inside a processor. Thus, there has been a constant tug of war between hackers developing new attacks and engineers formulating new defences.

However, the past few years have seen a new type of attack that is proving to be extremely difficult to defend against; side-channel attacks. To understand this, imagine a burglar. Instead of breaking into a house directly, the burglar might gather information by peering through windows, checking if the lights are on, or observing the homeowner's routines. Similarly, side-channel attacks gather indirect information to understand what's going on inside a computer system. Instead of trying to break in through the main defences of a computer, side-channel attacks look to pick up hints or clues from 'side-channels' to figure out what's happening within the system.  For example, trying to directly access protected areas of memory can be virtually impossible to do, but a side-channel attack may utilise flag registers and speculative code execution to reveal the contents of protected memory.

It is this use of side-channels that makes side-channel attacks hard to defend against and why they may present engineers with serious challenges in the future. Fortunately, side-channel attacks can also be complex to deploy and require physical access to a device, meaning that launching remote side-channel attacks is unlikely. In a recent presentation at the Black Hat Asia 2023 conference, Associate Research Professor Sandro Pinto and PhD Student Cristiano Rodrigues from the Universidade do Minho challenged the belief that microcontrollers (MCUs), due to their simpler microarchitecture, are resilient to side-channel attacks. These experts demonstrated that these attacks are not only possible but practical. Software-based side-channel attacks can easily be caught via code scanning, and hardware-based side-channel attacks require physical access, meaning that hackers have to physically obtain a device.

For instance, a notable example of a side-channel attack is the infamous Spectre and Meltdown attacks that affected virtually every computer chip made in the last 20 years. These attacks exploited design flaws in the chips to steal sensitive data directly from the memory of running applications. 

Researchers reveal side-channel attack against ARM TrustZone

TrustZone, developed by ARM, is like a security guard for a computer chip. It separates the chip's operations into two 'zones' - a secure zone for sensitive data and a non-secure zone for everything else. The idea is to keep important information like passwords and encryption keys locked away, safe from potential attacks. 

Recently, researchers at Black Hat Asia demonstrated what is believed to be the world’s first side-channel attack on a microcontroller, targeting an ARM Cortex-M with something called TrustZone enabled. TrustZone works like a safety deposit box in your chip. It keeps your important stuff (like passwords and encryption keys) locked away from the rest of the system. The attack was demonstrated against a security lock that used this TrustZone 'safety deposit box' and a trusted keypad to protect a user’s pin number during unlocking. The result of the attack demonstrated that the pin code could be inferred, all while avoiding ARMs TrustZone entirely. This revelation aligns with Pinto and Rodrigues's findings presented at Black Hat Asia. They discussed and demonstrated how these side-channel attacks can bypass the isolation guarantees of a reference Trusted Execution Environment (TEE) architecture on a state-of-art MCU. 

To achieve this, the researchers turned to the internal bus interconnect arbitration logic that decides which bus master controls the internal data bus, such as the CPU and DMA peripherals. As no two devices can use the internal bus at the same time, the arbiter has to decide which device can use it first, and this incurs timing differences during execution. Thus, the researchers could take advantage of these timing differences and determine the value of keypresses. Furthermore, the researchers then automated their attack using peripherals, thereby eliminating CPU execution and allowing the attack to occur in the background.

To put this into perspective, imagine a smart home system running on an ARM processor. An attacker having physical access to the system could potentially exploit this side-channel attack to bypass the security measures and gain control of the system, altering thermostat settings, disabling security cameras, or even unlocking doors. 

However, ever since the researchers announced their attack, ARM has publicly stated that the attack was not a failure of their microarchitecture or TrustZone, but a failure in the application code. According to ARM, their TrustZone system does not claim to defend against side-channel attacks, and such attacks are not specific to ARM devices as any CPU can be vulnerable to memory-pattern and timing attacks. ARM has also stated that engineers should avoid program flows and memory access patterns that relate to specific secret states, but this is easier said than done.

Given the potential threat of these side-channel attacks, there are several strategies that software and hardware engineers might employ to mitigate the risk. One approach is to implement 'noise' in the timing and power consumption of devices, making it more difficult for an attacker to discern patterns. Another tactic is to ensure sensitive data is not processed in a predictable manner, reducing the likelihood of successful timing attacks. It's important to note, however, that these countermeasures require careful planning and implementation to be effective without adversely affecting the device's performance. 

As Pinto and Rodrigues explained in their presentation titled 'Hand Me Your SECRET, MCU! Microarchitectural Timing Attacks on Microcontrollers are Practical,' the discovery of Spectre and Meltdown has opened new frontiers for hackers. They demonstrated that side-channel attacks can effectively bypass the security boundaries of processors from mainstream CPU vendors, including Intel, AMD, and Arm.

Why is this attack potentially damaging to the IoT industry?

The revelation of these side-channel attacks underscores the pressing need for robust security measures in the rapidly growing IoT industry. Manufacturers and developers of IoT devices must prioritise security in their design and development processes, perhaps considering the integration of hardware security modules (HSMs) or similar technology to enhance data protection. Additionally, regular firmware updates and patches can help to mitigate emerging threats. As consumers, we must also be mindful of the devices we bring into our homes and businesses, prioritizing those with a strong commitment to security. 

While it is possible to integrate some defences against this newly discovered attack, the fact that the researchers were able to bypass ARM TrustZone introduces some serious challenges to the industry and, specifically, the IoT sector. Despite x86/x64 CPUs dominating the mainstream PC and server market, ARM CPUs are by far the most popular amongst smaller devices, such as smartphones, IoT devices, and even industrial control systems (PLCs). As these devices number in the billions, this new attack could open them up to vulnerabilities that expose private data. 

For example, a hacker who can deploy this attack against IoT devices may be able to listen to conversations via audio data, see images taken from cameras, determine security codes for buildings, and even extract private keys used to encrypt data in transmission. Of course, this attack may require physical access to the device, but obtaining even a single IoT sensor could put an entire network at risk.

Consider the case of a smart factory using IoT sensors for monitoring and control. If a single sensor running on an ARM processor was compromised via this side-channel attack, it could expose critical operational data or allow manipulation of the entire system, leading to significant downtime or even hazardous conditions. 

Overall, what the researchers have demonstrated goes to show the real danger of side-channel attacks and how engineers will need to develop more ingenious solutions to try and defend against them. As Pinto and Rodrigues highlighted in their Black Hat Asia presentation, this new class of attacks poses a significant challenge to the industry, emphasising the need for continuous research and development in security measures to counteract these evolving threats. This attack also demonstrates the many vulnerabilities faced by the IoT market and even raises questions on whether the mass integration of sensors into everyday life does more harm than good. 


By Robin Mitchell

Robin Mitchell is an electronic engineer who has been involved in electronics since the age of 13. After completing a BEng at the University of Warwick, Robin moved into the field of online content creation, developing articles, news pieces, and projects aimed at professionals and makers alike. Currently, Robin runs a small electronics business, MitchElectronics, which produces educational kits and resources.