When Memory Mappings Attack: On the (Mis)use of the ARM Cortex-M FPB Unit

Haoqi Shan,Dean Sullivan,Orlando Arias
DOI: https://doi.org/10.1109/AsianHOST59942.2023.10409308
2023-12-21
Abstract:In recent years we have seen an explosion in the usage of low-cost, low-power microcontrollers (MCUs) in embedded devices around us due to the popularity of Internet of Things (IoT) devices. Although this is good from an economics perspective, it has also been detrimental for security as microcontroller-based systems are now a viable attack target. In response, researchers have developed various protection mechanisms dedicated to improve security in these resource-constrained embedded systems. We demonstrate in this paper these defenses fall short when we leverage benign memory mapped design-for-debug (DfD) structures added by MCU vendors in their products. In particular, we utilize the Flash Patch and Breakpoint (FPB) unit present in the ARM Cortex-M family to build new attack primitives which can be used to bypass common defenses for embedded devices. Our work serves as a warning and a call in balancing security and debug structures in modern microcontrollers.
Cryptography and Security
What problem does this paper attempt to address?
The problem that this paper attempts to solve is: how to use the hardware modules designed for debugging in microcontrollers (MCUs), such as the Flash Patch and Breakpoint (FPB) unit in the ARM Cortex - M series, to bypass the security protection mechanisms in modern embedded devices, thereby achieving arbitrary code execution and data leakage. Specifically: 1. **Problem Background**: - With the popularization of Internet of Things (IoT) devices, low - cost and low - power microcontrollers are more and more widely used in embedded systems. - These microcontrollers usually have built - in debugging and performance monitoring functions, such as the FPB unit, and these functions can be accessed through memory - mapping. - Although researchers have developed a variety of protection mechanisms to improve the security of these resource - constrained systems, these mechanisms may fail in the face of attacks using debugging interfaces. 2. **Specific Problems**: - The paper shows that the existing security defenses are insufficient when facing attacks launched through memory - mapped debugging structures (such as the FPB unit). - The author uses the functions of the FPB unit to construct new attack primitives. These primitives can bypass common embedded device defense mechanisms without using debugging probes, achieving arbitrary control of the device and data leakage. 3. **Research Objectives**: - Prove the inherent incompatibility between existing security mechanisms based on memory protection, control - flow integrity, etc., and debugging interfaces. - Remind and call for the design of balancing security and debugging functions in modern microcontrollers. ### Specific Contributions - **New Attack Primitives**: Show how to use memory - mapped debugging interfaces (such as the FPB unit) to achieve persistent arbitrary code execution on Cortex - M microcontrollers without using debugging probes. - **Attack Evaluation and Demonstration**: Verify the effectiveness of these attack primitives through experiments, including bypassing memory protection mechanisms and leaking data from embedded devices. ### Summary The paper reveals the security risks of debugging interfaces (such as the FPB unit) in embedded systems and emphasizes the urgency of protecting these debugging units from malicious exploitation.