Atmel AT91SAM7XC Crypto Key Recovery

2013.02.12
Credit: Adam
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

The Atmel AT91SAM7XC series of microprocessors contain a crypto co-processor which is DES and AES capable. They include a write-only memory for key storage and multiple physical security measures to prevent decapping etc. However, due to poor memory management, in certain circumstances it is possible to recover the crypto keys from a live system via the standard JTAG programming interface. These circumstances are made more likely to exist in the wild by the fact that the example software provided by Atmel is itself vulnerable. Full story here: http://oamajormal.blogspot.co.uk/2013/02/atmel-sam7xc-crypto-co-processor-key.html The potential for this to be an issue has been raised within the Atmel support community several times over the years, dating back to at least 2006. I personally raised it with them in 2011. However, I am not aware of any clarification being issued by Atmel, nor of any definitive proof one way or the other being made public until now. The NXP DESFire 'hack' is purely a result of the weakness in the AT91SAM7XC, and nothing to do with DESFire itself, but demonstrates why this is a real problem. I'm sorry they got in the firing line, but they were just in the wrong place at the wrong time... (cyber)war is heck! cheers, Adam -- Adam Laurie Tel: +44 (0) 20 7993 2690 Suite 117 Fax: +44 (0) 20 7691 7776 61 Victoria Road Surbiton Surrey mailto:adam@algroup.co.uk KT6 4JX http://rfidiot.org

References:

http://rfidiot.org
http://oamajormal.blogspot.co.uk/2013/02/atmel-sam7xc-crypto-co-processor-key.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top