A recent hardware attack on the Nordic nRF52 chip uses local access to gain chip-level debugging capabilities that persist in silicon, unpatchable in software. Nordic has confirmed the issue and encouraged device manufacturers to detect openings of the enclosure, as the chip is not hardened against fault injection.
The nRF52 chip is used across many devices to provide wireless communication, including Bluetooth, 2.4 GHz mesh, and Near Field Communication (NFC). Versions of this chip appear in common consumer hardware as well as industrial and hospital equipment. The Autumn 2018 edition of Nordic's publication, Ultra Low Power Wireless Q, provides sample use cases and testimonials from organizations using this chipset across different devices. Nordic's Q1 2020 investor relations material lists the chip as used in smart thermometers to track COVID-19: "these thermometers are all connected through Nordic's nRF52810 SoCs. Another example is the announcement of a new bracelet tracker by [company] in March, connecting through the nRF52832." The researcher, LimitedResults, cites both the nRF52810 and nRF52832 as vulnerable, demonstrating the attack against a Logitech PRO-G mouse.
LimitedResults has attacked other chipsets, such as the ESP32, in the past using similar voltage glitching techniques. Voltage glitching works by attaching wires directly to a chip's pins and applying additional voltage on a pin at precisely timed moments. This effectively tricks the hardware into receiving a different set of bits, resulting in different instructions being executed than what the manufacturer configured. In the nRF52 attack, LimitedResults used a SEGGER J-Link probe attached to two pins, SWDCLK (clock signal) and SWDIO (bi-directional data), as well as the device's power pins, VDD_NRF and GND. By timing the glitch on these pins from a Python script, the attack disables the chip's Access Port Protection (APProtect) and resurrects debugging access. Whereas APProtect normally provides a feature where "the debugger's read/write access to all CPU registers and memory mapped addresses is blocked," that protection no longer applies, and a debugger once again has access to read and alter values.
The vulnerability was published following an attempt to work directly with Nordic on mitigation and disclosure. Vulnerability disclosure is described in ISO 29147:2018 as a way for organizations to receive reports and for researchers to publish findings in an industry-accepted practice. One mechanism for receiving vulnerability reports is a bug bounty program or sponsored research. Apple's bug bounty program provides a category of hardware attacks that require local access, offering a payout of $100,000 for a lock screen bypass and $250,000 for user data extraction. While Nordic Semiconductor does not operate a bug bounty, the organization maintains a Nordic product security page with contact information.
InfoQ spoke with Grant McCracken, senior director of operations at Bugcrowd, which offers a crowdsourced security platform that acts as an intermediary between researchers and organizations. "This attack is unique in that most attacks are against the firmware. Things like remote code execution, attacks against what the device does." Bugcrowd operates several bug bounty programs for device manufacturers like HP, Netgear, and Aruba. The attack against the nRF52 chip is unusual in that it compromises the underlying silicon within the device rather than its firmware. One area where intermediaries help is in understanding how to price a bounty. McCracken explains, "It's one thing to find a flaw, it's another to weaponize it." A weaponized attack is one that is repeatable and impactful against the target. Attacks that require physical access are less repeatable at scale but can be extremely impactful and difficult to detect. The US Office of the Director of National Intelligence maintains a public page of supply chain threats, and designates April as "National Supply Chain Integrity Month."
Hardware supply chain attacks pose a notable risk to organizations and military units alike. Microsoft's general counsel Cristin Goodwin and general manager of the cybersecurity solutions group Joram Borenstein collaborated to describe ways to defend the hardware supply chain. The pair calls out three factors that make hardware and firmware attacks in the supply chain especially risky: hardware makes a good hiding place, hardware attacks are more complex to investigate, and hardware issues are more expensive to resolve. The Intercept has collected documents describing attacks and defenses against supply chain hardware attacks, including direct examples of similar events. Network Interface Cards are one example cited by Intellipedia as a location for tailored malware due to their ability to write to memory. A re-enabled chip-level debugger provides access to the chip's memory, through which an attacker can explore other vectors.
With software vulnerabilities affecting many applications through shared components, many firms use a strategy of software composition analysis to track where different libraries are deployed. In the case of the Equifax hack with Apache Commons-Collections, organizations can use composition analysis to evaluate Common Vulnerabilities and Exposures (CVEs) and determine which applications ship the vulnerable library as a direct or transitive dependency. IoT vendors can consider similar strategies, watching the hardware bill-of-materials to understand whether their devices use vulnerable chips.
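As an added illustration of the bill-of-materials strategy described above (example code written for this article, not from Nordic, LimitedResults, or any vendor tool), the following script walks a hardware BOM the way composition analysis walks a dependency tree: a device lists its parts directly, and a radio module on the board may itself carry the affected SoC, which is the hardware analogue of a transitive dependency. The affected part list uses the two part numbers the article names; the device and module names, and the orderable part codes with package suffixes, are constructed for the example.

```python
"""Check a hardware bill-of-materials for affected chips, including chips
that arrive inside a module (the hardware analogue of a transitive dependency).

Added example for this article; not vendor code. Device, module and board
names below are constructed, as are the package suffixes on the part codes.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Base part numbers the article names as vulnerable. This list is an assumption
# for the example; a vendor would replace it with the advisory's own scope.
AFFECTED_CHIPS = {"NRF52810", "NRF52832"}


@dataclass
class Part:
    """One BOM line. Modules and boards list the parts they contain."""
    part_number: str
    contains: List["Part"] = field(default_factory=list)


def normalize(part_number: str) -> str:
    """Reduce an orderable code such as 'nRF52832-QFAA-R' to its base silicon
    name, so package and tape-reel suffixes do not hide a match."""
    return part_number.strip().upper().split("-")[0]


def find_affected(part: Part, path: Tuple[str, ...] = ()) -> List[Tuple[str, ...]]:
    """Depth-first walk returning every path (board > module > chip) that ends
    in an affected chip. A board with two such chips yields two paths."""
    here = path + (part.part_number,)
    hits: List[Tuple[str, ...]] = []
    if normalize(part.part_number) in AFFECTED_CHIPS:
        hits.append(here)
    for sub in part.contains:
        hits.extend(find_affected(sub, here))
    return hits


def audit(devices: Dict[str, Part]) -> Dict[str, List[str]]:
    """Map each device name to the human-readable paths reaching an affected
    chip; an empty list means the device does not ship one."""
    return {
        name: [" > ".join(p) for p in find_affected(root)]
        for name, root in devices.items()
    }


# Constructed sample BOM. The thermometer does not list the SoC directly; it
# ships a Bluetooth module that contains it, so a flat part-number grep of the
# top-level BOM would miss it.
nrf52832 = Part("nRF52832-QFAA-R")
ble_module = Part("MOD-BLE-01", contains=[nrf52832])
generic_mcu = Part("MCU-GENERIC-01")
SAMPLE_DEVICES: Dict[str, Part] = {
    "wireless-mouse": Part("PCBA-MOUSE-v2", contains=[nrf52832, generic_mcu]),
    "thermometer": Part("PCBA-THERMO-v1", contains=[ble_module]),
    "wired-keyboard": Part("PCBA-KBD-v3", contains=[generic_mcu]),
}

if __name__ == "__main__":
    for device, paths in audit(SAMPLE_DEVICES).items():
        status = "AFFECTED" if paths else "clear"
        print(f"{device}: {status}")
        for p in paths:
            print(f"  {p}")
```

The normalization step matters in practice: purchasing systems usually record the full orderable code with package and reel suffixes, so matching on the base silicon name keeps a variant from slipping through the check.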