

posted by Fnord666 on Friday July 17 2020, @01:27PM   Printer-friendly
from the debugging-for-fun-and-profit dept.

Submitted via IRC for boru.

https://www.infoq.com/news/2020/07/nRF52-debug-resurrect/:

A recent hardware attack on the Nordic nRF52 chip uses local access to gain chip-level debugging capabilities that persist in silicon, unpatchable in software. Nordic has confirmed the issue and encouraged device manufacturers to detect openings of the enclosure, as the chip is not hardened against fault injection.

This chip is used in so many Bluetooth products. Might be fun to go wardriving and find some and see if any have accessible SWD pins.



 
  • (Score: 4, Touché) by Immerman on Friday July 17 2020, @02:18PM (14 children)

    by Immerman (3985) on Friday July 17 2020, @02:18PM (#1022894)

    Am I missing something? How is wardriving going to carry out a hardware attack?

  • (Score: 1, Informative) by Anonymous Coward on Friday July 17 2020, @03:11PM (3 children)

    by Anonymous Coward on Friday July 17 2020, @03:11PM (#1022911)
    Unless what they mean by "wardriving" is driving around and taking peoples' gadgets at gunpoint as though you were in a war zone. Yes, it's a hardware fault injection attack and requires a special electronic rig to attach to the vulnerable chip. You obviously can't perform the attacks described over the air.
    • (Score: 2) by DannyB on Friday July 17 2020, @03:38PM (2 children)

      by DannyB (5839) Subscriber Badge on Friday July 17 2020, @03:38PM (#1022927) Journal

      Unless what they mean by "wardriving" is driving around and taking peoples' gadgets at gunpoint

      I don't have any direct experience with this, but I would presume that it would be more effective to take cash, drugs and weapons instead of taking people's gadgets.

      --
      People today are educated enough to repeat what they are taught but not to question what they are taught.
      • (Score: 2) by Snotnose on Friday July 17 2020, @03:45PM (1 child)

        by Snotnose (1623) on Friday July 17 2020, @03:45PM (#1022932)

        I would presume that it would be more effective to take cash, drugs and weapons

        Sigh. The drugs I take nowadays don't do you any good unless you have high blood pressure or cholesterol.

        --
        Why shouldn't we judge a book by its cover? It's got the author, title, and a summary of what the book's about.
        • (Score: 2) by DannyB on Friday July 17 2020, @03:50PM

          by DannyB (5839) Subscriber Badge on Friday July 17 2020, @03:50PM (#1022935) Journal

          Prescription narcotic pain killers might be appealing to a thief.

          Thieves of all ages can enjoy boner drugs.

          Who says boomers might not have good drugs in their house?

          --
          People today are educated enough to repeat what they are taught but not to question what they are taught.
  • (Score: 4, Funny) by Anonymous Coward on Friday July 17 2020, @03:19PM (3 children)

    by Anonymous Coward on Friday July 17 2020, @03:19PM (#1022914)

    Millennial wardriving: it's where you borrow Mom's car, take a photo of yourself linking in a Ruby gem called "nRF52_Crack" while driving, then you realize the library's infected with Russian malware and while trying to remove it swerve into a boomer's front lawn where (with luck) you burst into flames and die an agonizing death.

    • (Score: 3, Insightful) by The Vocal Minority on Saturday July 18 2020, @06:18AM (2 children)

      by The Vocal Minority (2765) on Saturday July 18 2020, @06:18AM (#1023275) Journal

      Why are we upmodding this annoying boomer/millennial troll hate bullshit?

      • (Score: 1, Interesting) by Anonymous Coward on Saturday July 18 2020, @08:00AM (1 child)

        by Anonymous Coward on Saturday July 18 2020, @08:00AM (#1023290)

        It's a hard and rather useless question, but I'll try.

        People are a species of chimp.
        And these things enjoy discord and meaningless suffering of others.
        They need a reason to hate, maim, kill, mutilate, because it brings them pleasure.
        It's entertaining.

        The internet is almost the only place where chimps can be chimps. If they try doing what brings them pleasure irl, they will get hurt.
        Especially in the land of the prison, home of the jail.

        Chimps are incredibly risk averse.
        So they create a possible identity that can exist, "a troll", and a whole world of text-based depravity, "anywhere where comments can be posted", because real depravity is not available to them, and text is real enough.
        That way it's internally legitimate.

        What you see is a product of a/b testing for soon 30 years, if not more.

        "Why are we" - there is no we. And never has been.

        In all seriousness, go read about chimpanzee and bonobo group dynamics.
        Then realise and weep, if you're that much into pretending to be non-chimp, lol.

  • (Score: 2) by ilsa on Friday July 17 2020, @07:35PM

    by ilsa (6082) Subscriber Badge on Friday July 17 2020, @07:35PM (#1023039)

    Nope. They're using completely incorrect terminology.

  • (Score: 3, Insightful) by sjames on Friday July 17 2020, @09:34PM (2 children)

    by sjames (2882) on Friday July 17 2020, @09:34PM (#1023082) Journal

    That's why I take vulnerability reports with a few pounds of salt.

    Background for people who don't do a lot of embedded device work:

    Many devices, including the nrf52 series include a hardware debugging interface (also used for initial firmware loading at the factory). Often those are exposed on the board as small conductive test points rather than having a socket. They're visible on many devices. To access them, the board is placed in a jig with spring loaded pogo pins (contact pins with an action very much like the bottom of a pogo stick). Sometimes they are disabled after the factory firmware load to make reverse engineering harder.

    Any hack involving the debugging interface is necessarily hands-on and involves opening the case. There will be no drive by hacking of devices through the debugging interface.

    On the nrf52 series, the hardware debugging can be disabled by setting a register on the device. The vulnerability is that given enough tries, it is possible to use well timed power glitching to make the device fail to disable the debug interface as it powers up, allowing you to read out the firmware and data.

    Other devices with debugging interfaces have fuses you can blow after factory load to disable debugging, but a sufficiently determined attacker with resources can probably de-cap the chip and read the firmware out anyway. So it's more a matter of how hard is it rather than is it possible.

    • (Score: 3, Insightful) by Immerman on Friday July 17 2020, @11:50PM (1 child)

      by Immerman (3985) on Friday July 17 2020, @11:50PM (#1023124)

      Yeah, it strikes me as very bizarre that hardware controlled access to debugging and other features is considered by anyone to be a security flaw.

      I mean, sure, if you're talking owner-hostile security such as keeping secret the Blu-ray decryption keys in a drive, debug modes are a potential weakness. Maybe too if you're talking high-security electronic locks, or medical equipment that might be tampered with to insert a literal "kill switch".

      But for consumer hardware? Access to debug modes, etc. is a wonderful boon to tinkerers, and reinforces that it's *your* hardware, not just hardware you've purchased the right to use.

      • (Score: 2) by sjames on Saturday July 18 2020, @07:26AM

        by sjames (2882) on Saturday July 18 2020, @07:26AM (#1023285) Journal

        There are a few legitimate cases where the BLE device holds access tokens to the owner's devices, but I agree that locking the owner out is less than honorable.

        The nrf isn't so bad about that, you can restore debugging to the device itself if you do a full chip erase (that function works even when debugging is disabled), but of course then it's on you to provide new firmware.
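The two sjames comments above (the APPROTECT register that disables debugging, and the full chip erase that re-enables it) describe a mechanism compact enough to model in code. The following is an added illustration written for this page; it is not code from the InfoQ article, from Nordic, or from any commenter. Register names, addresses and the PALL field values (0xFF open, 0x00 locked) are taken from the nRF52832 product specification; the `nrf52_model_t` struct, the observation bitmask and the `run_lifecycle` helper are this example's own constructions standing in for the memory-mapped registers, so it runs on a host with no hardware. The boot-time self-check mirrors the pattern Nordic's bootloader examples use (lock if not already locked, then reset); it closes the "shipped with debug open" gap but, as the article says, does nothing against a glitch that makes CTRL-AP misread a correctly programmed value.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Host-side model of nRF52 access-port protection (example, not Nordic code).
 *   NRF_UICR->APPROTECT (0x10001208): low byte PALL
 *       0xFF = protection disabled (debug open; value of erased flash)
 *       0x00 = protection enabled (CTRL-AP blocks debug after the next reset)
 *   NRF_NVMC->CONFIG    (0x4001E504): 0 = read-only, 1 = write enable, 2 = erase enable
 * The model only trusts the documented "enabled" value 0x00, which is also
 * what the SDK's boot check compares against.
 */
#define UICR_APPROTECT_PALL_MSK      0x000000FFu
#define UICR_APPROTECT_PALL_ENABLED  0x00u

#define NVMC_CONFIG_REN 0u
#define NVMC_CONFIG_WEN 1u

typedef struct {                   /* constructed stand-in for the real registers */
    uint32_t uicr_approtect;       /* UICR.APPROTECT contents */
    uint32_t nvmc_config;          /* NVMC.CONFIG */
    bool     flash_erased;         /* set by ERASEALL: application firmware is gone */
    int      resets;               /* NVIC_SystemReset() count */
} nrf52_model_t;

/* What CTRL-AP evaluates at power-on reset. The glitch attack in the article
 * targets exactly this read, so a correct UICR value is necessary, not sufficient. */
static bool approtect_enabled(uint32_t approtect_word)
{
    return (approtect_word & UICR_APPROTECT_PALL_MSK) == UICR_APPROTECT_PALL_ENABLED;
}

/* Flash writes can only clear bits (1 -> 0); only an erase sets them back to 1.
 * That is why writing 0x00 works from any starting value, even a half-written one. */
static void uicr_flash_write(nrf52_model_t *m, uint32_t value)
{
    if (m->nvmc_config != NVMC_CONFIG_WEN) {
        return;                    /* write ignored unless NVMC is write-enabled */
    }
    m->uicr_approtect &= value;
}

/* Boot-time self-check: if the device left the factory with debug still open,
 * lock it and reset so CTRL-AP picks the new value up. Returns true if it acted. */
static bool enforce_approtect_at_boot(nrf52_model_t *m)
{
    if (approtect_enabled(m->uicr_approtect)) {
        return false;              /* already locked, nothing to do */
    }
    m->nvmc_config = NVMC_CONFIG_WEN;
    uicr_flash_write(m, 0xFFFFFF00u | UICR_APPROTECT_PALL_ENABLED);
    m->nvmc_config = NVMC_CONFIG_REN;
    m->resets++;                   /* NVIC_SystemReset() on real silicon */
    return true;
}

/* CTRL-AP ERASEALL: the one debug operation still honoured while protection is on.
 * It wipes code flash and UICR, so APPROTECT reads 0xFF again and the port reopens,
 * but the firmware (and any secrets in it) is gone. */
static void ctrl_ap_eraseall(nrf52_model_t *m)
{
    m->flash_erased   = true;
    m->uicr_approtect = 0xFFFFFFFFu;   /* erased flash reads as all ones */
}

/* Walk one device from a given factory state through lock and recovery.
 * Returns a bitmask of observations so each step can be checked. */
#define OBS_START_OPEN      (1u << 0)
#define OBS_LOCKED_ON_BOOT  (1u << 1)
#define OBS_LOCK_IDEMPOTENT (1u << 2)
#define OBS_ERASE_REOPENS   (1u << 3)
#define OBS_ERASE_WIPES     (1u << 4)

static unsigned run_lifecycle(uint32_t factory_approtect)
{
    nrf52_model_t m = { factory_approtect, NVMC_CONFIG_REN, false, 0 };
    unsigned obs = 0;

    if (!approtect_enabled(m.uicr_approtect))                  obs |= OBS_START_OPEN;
    enforce_approtect_at_boot(&m);
    if (approtect_enabled(m.uicr_approtect) && m.resets == 1)  obs |= OBS_LOCKED_ON_BOOT;
    if (!enforce_approtect_at_boot(&m) && m.resets == 1)       obs |= OBS_LOCK_IDEMPOTENT;
    ctrl_ap_eraseall(&m);
    if (!approtect_enabled(m.uicr_approtect))                  obs |= OBS_ERASE_REOPENS;
    if (m.flash_erased)                                        obs |= OBS_ERASE_WIPES;
    return obs;
}

int main(void)
{
    printf("factory-open device (0xFFFFFFFF): observations 0x%02x\n", run_lifecycle(0xFFFFFFFFu));
    printf("pre-locked device   (0xFFFFFF00): observations 0x%02x\n", run_lifecycle(0xFFFFFF00u));
    printf("half-written lock   (0xFFFFFF0F): observations 0x%02x\n", run_lifecycle(0xFFFFFF0Fu));
    return 0;
}
```

Running it shows the factory-open and half-written cases end up locked after one reset and the pre-locked device never resets at all; in every case ERASEALL reopens the port only by destroying the firmware, which is the trade-off sjames describes. The AND-only write models the flash property that makes the lock idempotent and safe to apply from any intermediate value.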

  • (Score: 2) by c0lo on Friday July 17 2020, @11:08PM

    by c0lo (156) Subscriber Badge on Friday July 17 2020, @11:08PM (#1023110) Journal

    How is wardriving going to carry out a hardware attack?

    At amateur level, wardriving can't get much hardwarer than using an AK47.

    --
    https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
  • (Score: 0) by Anonymous Coward on Saturday July 18 2020, @06:55PM

    by Anonymous Coward on Saturday July 18 2020, @06:55PM (#1023454)

    I believe it was a joke. Wardriving for SWD (software defined) pins.