Explore a critical security vulnerability in Silicon Labs' Gecko platform in this 36-minute conference talk from Ekoparty 2023. Dive into the intricacies of over-the-air (OTA) firmware updates and discover how a flaw in the Gecko SDK's update mechanism can be exploited to bypass Secure Boot and firmware signature verification. Learn about the fuzzing techniques used to uncover the vulnerability, and gain insights into the challenges of exploiting embedded systems. Follow the speaker's journey from identifying the weakness to successfully compromising the Secure Boot mechanism, highlighting the potential risks for a wide range of connected devices built on Silicon Labs' chips.
Overview
Syllabus
Breaking Secure Boot on the Silicon Labs Gecko platform - Sami Babigeon - Ekoparty 2023
Taught by
Ekoparty Security Conference
Related Courses
-
Secure Boot and Over-the-Air Updates - Challenges and Solutions
-
Achilles Heel in Secure Boot: Breaking RSA Authentication and Bitstream Recovery from Zynq-7000 SoC
-
Implementing UEFI-based Secure Boot and OTA Updates for Embedded ARM Devices
-
Modern Secure Boot Attacks - Alex Matrosov - Ekoparty Security Conference - 2019
-
RIOT over PIP: Embedding Secure OTA Deployment - Security Summit 2023
