Fault injection attack on the STM32U5 chip: Hacking the hardware of the Trezor Safe 5 crypto wallet. π¨π»βππβ‘π΅βπ«ποΈ
Security researcher Oliver Simonik, in his bachelorβs thesis, investigates how secure the STM32U5 chip used in crypto wallets is against hardware attacks. A similar chip is used in the open-source hardware wallet Trezor Safe 5.
Two attack techniques were tested:
Voltage glitching - briefly messing with the power supply
Electromagnetic fault injection (EMFI) - using EM pulses without touching the chip
Result: The voltage glitching attack was very effective against the STM32U5 β up to a 76% success rate in bypassing the PIN check.
One interesting observation was made by the author: glitching in some cases caused the chip to output unexpected extra memory data - not just wrong answers. It looks like in some cases it could accidentally reveal chunks of internal memory... but this part requires additional research.
Good, academia-grade security research, with a detailed step-by-step explanation of how it was done. Will be very useful for those who want to learn the magic of hardware hacking. Enjoy!
More details:
Analyzing fault injection resistance of a modern open-source crypto-wallet [PDF]: https://is.muni.cz/th/nysvv/thesis.pdf
