Hand Me Your SECRET, MCU! Microarchitectural Timing Attacks on Microcontrollers are Practical

The discovery of Spectre and Meltdown has turned systems security upside down. These attacks have opened a novel frontier for exploration to hackers and shed light on the untapped potential of hidden transient states created by shared microarchitectural resources. Since then, we have witnessed the rise of a plethora of effective software-based microarchitectural timing side-channel attacks capable of breaking and bypassing the security (isolation) boundaries of numberless processors from mainstream CPU vendors (Intel, AMD, Arm). Notwithstanding, one class of computing systems apparently is resilient to these attacks: microcontrollers (MCUs). MCUs are shipped in billions annually and are at the heart of every embedded and IoT device. There is a common belief that MCUs are not vulnerable to these attacks because their microarchitecture is intrinsically simple. In this talk, we challenge the status quo by unveiling a novel class of microarchitectural timing side-channel attacks affecting MCUs..... By: Sandro Pinto , Cristiano Rodrigues Full Abstract and Presentation Materials: #hand-me-your-secret-mcu-microarchitectural-timing-attacks-on-microcontrollers-are-practical-30579