RP2350 Security Flaw: Microcontroller Weaknesses Revealed

The security system was compromised by a basic voltage glitch attack, though on an unexpected power rail, Cullen explains. (Aedan Cullen)

While microcontrollers have become indispensable in powering everything from smart home devices to advanced industrial systems, their increasing integration and connectivity have introduced significant security risks. Recently, security researcher Aedan Cullen revealed a new vulnerability in Raspberry Pi’s RP2350 microcontroller, challenging long-held assumptions about hardware protection. 

What are the core challenges microcontrollers face, what breakthroughs led to uncovering these weaknesses in the RP2350, and how might this discovery reshape the future of microcontroller security?

The Challenges Of Microcontroller Security

Microcontrollers are small computing devices that integrate a processor, memory, and input/output peripherals on a single chip. They perform specific tasks within embedded systems, making them essential components in a wide range of applications. From IoT sensors and smart home devices to medical equipment and industrial machinery, microcontrollers are at the heart of many modern technologies. However, microcontrollers often process sensitive information, control critical systems, and interact with external networks, which makes them a prime target for security threats. Furthermore, the increasing reliance on microcontrollers amplifies these security challenges due to the increased number of exposure points (i.e., more areas of attack become possible with each additional device).

But how are such attacks done, and why are they often easy to execute?

Physical Security Challenges

Physical security challenges, such as tampering and reverse engineering, are among the most major attack types. Attackers may physically access microcontrollers to extract sensitive information or reverse-engineer their functionality using techniques like probing, decapsulation, and side-channel analysis. The absence of secure enclaves in many microcontrollers exacerbates these vulnerabilities, making them susceptible to direct attacks. Debug interfaces, such as JTAG or SWD, often remain enabled in production, providing attackers with entry points to bypass security layers and gain unauthorised access.

Firmware Vulnerabilities

Firmware vulnerabilities are another major threat. Poorly written or outdated firmware can be exploited, leading to unauthorised access or malicious code injection. This can alter the device's behaviour or result in data theft. This is why secure boot processes are essential, as they prevent unauthorised firmware execution.

Network and Communication Security

Network and communication security are also critical points in microcontroller design and deployment. Weak encryption protocols and inadequate authentication mechanisms can lead to man-in-the-middle attacks, where communication between the microcontroller and external devices is intercepted and manipulated.

Supply Chain and Manufacturing Challenges

Supply chain and manufacturing challenges further complicate the security landscape. The presence of counterfeit microcontrollers in the supply chain introduces vulnerabilities, as these devices may contain backdoors or hidden exploits. Operational challenges, such as power and performance constraints, limit the implementation of robust security measures. Many systems still rely on older microcontrollers lacking modern security features, making them vulnerable to newer attack techniques. Insecure firmware updates also pose additional risks, especially for systems in remote or inaccessible locations.

RP2350 Hacked - Reveals Weaknesses

In a shocking revelation, engineer Aedan Cullen successfully cracked the security subsystem of the Raspberry Pi RP2350 microcontroller. Released in August 2022, the RP2350 is the company's second-generation microcontroller. It boasts improved features over its predecessor, the RP2040, including almost double the memory and faster ARM Cortex-M33 cores, alongside free and open-source RISC-V-based Hazard3 cores. Additionally, it incorporates a security subsystem designed to authenticate code running on the chip, protect one-time-programmable storage, provide fine-grained control of debug features, and more.

RP2350 Security Enhancements and Core Features

Despite these advancements, the RP2350's security features were challenged during a public hacking event at DEF CON, where researchers were invited to explore potential vulnerabilities within the chip's design. The hacking challenge, which included a financial incentive, underscored the industry's growing focus on responsible disclosure and collaborative security improvements.

Security Mechanisms and Architecture Overview

The security architecture of the RP2350 involves several interconnected mechanisms working together to provide a robust protection system. The antifuse-based OTP memory serves as the root of trust for the system, informing the configuration of ARM TrustZone and additional attack mitigations such as glitch detectors. Raspberry Pi even constructed a bespoke Redundancy Coprocessor (RCP) to harden the execution of boot ROM code on the Cortex-M33 cores, incorporating features such as stack protection, data validation, and instruction latency randomisation.

The RP2350's reliance on antifuse-based OTP memory and ARM TrustZone highlights a security approach rooted in both hardware and software-level protections. However, a critical challenge arises when newer security implementations depend heavily on legacy IP blocks, which may not be thoroughly stress-tested against modern attack methodologies such as voltage glitching.

The Voltage-Glitch Attack Explained

However, in a presentation at the 38th Chaos Communications Congress, Cullen demonstrated a voltage-glitch attack that can bypass the security subsystem and reveal the protected secret at the heart of Raspberry Pi's $20,000 Capture The Flag contest. According to Cullen, the attack is not particularly difficult to execute, as it simply involves a normal power glitch that drops the USB_OTP_VDD voltage for approximately 50μs across the CRIT0 and CRIT1OTP PSM reads. The characteristic current spike that marks the beginning of the OTP PSM sequence occurs at around 220-250μs from the CRIT0 and CRIT1 pins.

Voltage-glitch attacks, like the one demonstrated, exploit transient power fluctuations that can disrupt secure boot sequences or memory protection mechanisms. The fact that the RP2350's glitch susceptibility was exposed through a relatively simple fault injection technique raises questions about the chip's resilience against more sophisticated fault attacks, such as electromagnetic pulse (EMP) disruptions or clock manipulation.

Potential Risks and Market Impact

While Raspberry Pi has not commented on whether Cullen's attack constitutes a winning entry to its Capture The Flag contest, it is likely that the company will need to implement mitigations to protect against this vulnerability. The discovery of the security flaw raises concerns about the potential risks associated with using the RP2350 in commercial designs, particularly those requiring high levels of protection. As the security subsystem is a key feature of the chip, the revelation of its vulnerability may impact the marketability of the RP2350 and other Raspberry Pi products.

Given the increasing use of microcontrollers in critical infrastructure and IoT devices, the exposure of such vulnerabilities underscores the importance of adopting multi-layered security approaches. Manufacturers must consider both physical attack vectors and software integrity checks to ensure robust defences against real-world threats.

The impact of this security flaw extends beyond the RP2350, as it also affects the Raspberry Pi Pico 2 development board, which is based on the RP2350. The Pico 2 was launched alongside the RP2350 in August 2022, and its security features were touted as a major selling point. The discovery of the vulnerability in the RP2350 microcontroller may raise concerns about the security of the Pico 2 development board, potentially affecting its marketability and user trust.

Addressing Vulnerabilities and Future Mitigations

To address these concerns, Raspberry Pi may need to explore hardware revisions or firmware patches aimed at hardening the RP2350's voltage regulation components and OTP management. Enhanced protections, such as additional error-detection circuits and real-time power integrity monitoring, could help mitigate such risks in future iterations.

Why New Designs Struggle

One of the major challenges faced by new microcontroller designs is the inclusion of untested features. As these devices evolve to meet modern demands, they often incorporate cutting-edge features such as AI accelerators, secure enclaves, and advanced connectivity. However, the lack of extensive validation for these features can create potential vulnerabilities that attackers can exploit. In fact, the recent security flaw in the Raspberry Pi RP2350 microcontroller demonstrates how even the most advanced security systems can be vulnerable to attack.

Untested Features and Security Implications

New microcontroller designs often include novel security mechanisms, but these lack the extensive validation that established frameworks have undergone over time. Issues can arise when hardware security features, such as secure boot or encrypted storage, contain flaws that hackers can exploit. The lack of proven security frameworks makes it challenging for engineers to ensure the security of their designs, leading to potential vulnerabilities that can compromise the integrity of their systems.

The addition of new features like wireless connectivity, AI processing, and cloud integration expands the attack surface of microcontrollers. These features introduce new vectors for cyberattacks, such as remote exploitation, firmware injection, or side-channel attacks. As a result, engineers must be vigilant in identifying potential vulnerabilities and implementing robust security measures to protect their systems from these emerging threats.

Manufacturing Risks and Supply Chain Integrity

New designs are particularly vulnerable during the manufacturing process, where hardware trojans or malicious modifications can be introduced. Verifying the integrity of every component in a supply chain is difficult, especially for unproven designs with complex production requirements. Engineers must be cautious when selecting suppliers and ensuring that their components meet the required security standards.

Challenges with Advanced Security Technologies

Incorporating advanced hardware-based security features, such as Trusted Execution Environments (TEE) or post-quantum cryptography, is challenging for new designs. These technologies are still emerging, and their implementation often involves trial and error, which can lead to exploitable bugs. Furthermore, the integration of these features can be complex, requiring specialised expertise and resources. Engineers must carefully evaluate the benefits and risks of incorporating advanced security features into their designs.

New microcontroller features often aim to provide advanced functionality, but they may not integrate seamlessly with existing ecosystems. For example, compatibility with legacy software, communication protocols, or hardware peripherals may be limited or entirely absent. In addition, immature ecosystems surrounding new features can hinder adoption, as developers may face challenges in leveraging these features effectively.

Compatibility and Ecosystem Limitations

Features like AI accelerators, on-chip security modules, or low-power wireless stacks are complex and often not fully stress-tested. Hidden bugs or oversights in these systems can result in vulnerabilities that emerge only after deployment. As a result, engineers must be diligent in testing and validating their designs, especially when incorporating cutting-edge features that are still in their infancy.

Hidden Vulnerabilities in New Feature Deployments

Manufacturers of new designs may market advanced features that are not fully functional or reliable in real-world applications. When these features fail to deliver on expectations, it can result in adoption hesitancy or product recalls. Engineers must be cautious when promoting new features and ensure they are thoroughly tested and validated before release.

Challenges with Security Testing and Emerging Threats

Security testing often focuses on known vulnerabilities, but new features can introduce novel attack vectors that are not yet well understood. Emerging threats, such as AI-driven hacking or quantum computing, pose risks that are difficult to address during the design phase. Furthermore, time constraints in development cycles can lead to insufficient testing, especially for new features that require extensive validation under different use cases and environments.

Customer hesitation is a common challenge faced by new microcontroller designs, especially those with untested features. Engineers and businesses are wary of adopting new devices due to the potential for unforeseen vulnerabilities or compatibility issues. The lack of a proven track record makes it difficult to justify switching from established alternatives. As such, engineers must be transparent about the capabilities and limitations of their designs, ensuring that customers are aware of the potential risks and benefits associated with new features.

In conclusion

security and untested features are major pain points in new microcontroller designs. Addressing these issues requires rigorous security validation processes, extensive testing of new features in real-world scenarios, and transparent communication with customers about the limitations and risks of cutting-edge functionality. By prioritising security and thoroughly testing their designs, engineers can ensure the integrity of their systems and protect them from emerging threats.