Nordic Semiconductor APPROTECT Compromised

LimitedResults have published details of how they have been able to access what were previously presumed to be protected Nordic Semiconductor nRF52 devices. nRF52 devices are regularly used in beacons and other Bluetooth devices such as fitness trackers. This post summarises the vulnerability, looks at LimitedResults' claims and Nordic Semiconductor's response, and considers how this affects those using such devices.

Nordic nRF52 System on a Chip (SoC) devices are small Arm® Cortex™-M4 CPU computers running software. The software is flashed into the devices and authors usually apply what's called APPROTECT to prevent the software from being read back and the debug port from being used for examining data. The software read-back lock is there to prevent the software being copied onto non-sanctioned devices or decompiled to obtain algorithms that might be considered intellectual property (IP). Examining data via the debug port allows access to passwords or other data that might be considered confidential.

LimitedResults have cleverly managed to disrupt the running of the SoC by removing some circuit capacitors and producing a very short pulse on the power line. This allows bypassing of the APPROTECT, subsequent use of the debug port to control code execution, extraction of the code and ultimately disabling the APPROTECT mechanism. LimitedResults say:

Due to its low-complexity, this attack on the nRF52840 can be reproduced on the field easily

Nordic Semiconductor responded today with an Informational Notice that describes the problem and concludes:

The nRF52-series of SoCs, like many standard microcontroller circuits, are not hardened against fault injection techniques

This puts the onus on companies using the nRF52 to only use it for non-critical uses where a security breach has negligible consequences OR to only use it where it’s known that physical access, required to perform such security breaches, is unlikely or impossible to occur.

What does this mean for users? This affects nRF52-based product owners in that binary code can’t now be considered safe from copying or examination. While this sounds concerning, anyone wishing to take advantage of the vulnerability needs a very high level of skill. Despite LimitedResults saying it can be “reproduced on the field easily”, the ‘easily’ part is contentious. Producing a power spike isn’t easy. Analysing extracted binary code and data also requires a high level of skill. We can’t think of any uses of the nRF52 where it would be worth the effort.

When it comes to the end users, there could be uses, particularly in healthcare, where a vulnerability might be a concern. For example, Nordic devices have been used in heart rate monitors. However, the vulnerability requires removal of components from the circuit board and physically attaching wires to the inside of such devices. With today's surface-mount PCB designs, it's difficult to do this in the lab, let alone on a user's device.

As with all security issues, you have to put possible attacks into perspective. The vulnerabilities are difficult to exploit and not worth the effort in most cases. The security of the nRF52 is suitable for the kind of data collection tasks for which it tends to be used.

It’s in security-critical areas such as healthcare and finance that such vulnerabilities need to be taken more seriously. As with some microcontrollers used in finance, extra physical (impossible to get to the circuit) and/or software (self-destruct) protections need to be put in place.