https://www.youtube.com/watch?v=vx_j0L7xL8Y
Hacking the Secure Boot of a hardened ESP32 SoC: Math + glitching + automation = success. 🔗⚡️☣️🔀🤓

Security researchers Jeroen Delvaux, Cristofaro Mune, Mario Romero, and Niek Timmers conducted very interesting research back in 2024 on breaking (well, escaping would be more accurate) the Secure Boot chain on the ESP32 V3 chip made by Espressif Systems.

ESP32 is heavily used in critical infrastructure, IoT, and smart mobility — you can find it in many places. ESP32 V3 is the hardened version of this SoC, and as of today it is still the latest version — no updates. So everything described here is relevant to equipment that was made yesterday :)

The success of this research also built on effective automation: 3.4 glitch attempts per second, around 1 million glitch attempts in just a few days.

Please enjoy the materials below - the creativity of the attack and the beauty of the test benches. And if you’re into hardware cybersecurity, please use it as inspiration for new challenges!

--
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info
