
Guillen, Oscar M.; Schmidt, Dawin and Sigl, Georg (2016): Practical Evaluation of Code Injection in Encrypted Firmware Updates. In: Proceedings of the 2016 Design, Automation & Test in Europe Conference & Exhibition (DATE): pp. 325-330

Full text not available from 'Open Access LMU'.


Several firmware update mechanisms in microcontrollers still make use of confidentiality-only block cipher modes, ultimately lulling users into a false sense of security. In this work, we show how easy it is to apply well-known malleability attacks to successfully inject arbitrary code into an encrypted firmware image. We demonstrate this vulnerability by attacking the Advanced Encryption Standard in Cipher Block Chaining mode on an ARM-based microcontroller. The attack makes use of patterns in the structure of the firmware image to obtain known plaintexts, which may be used to modify an encrypted image. Subsequently, malicious code may be injected to extract the memory contents of the device. This work shall help motivate the use of authenticated encryption modes even in resource-constrained devices.
