Pitfalls for Security Isolation in Multi-CPU Systems

as each CPU runs its own firmware [47] , [29] . While firmware is individual per CPU, remaining hardware such as memory and peripherals are shared among CPUs via various buses [2], [3], [4] . Depending on the MCU architecture, the CPUs have nearly unlimited access to all its components via those buses. Such architectures introduce a host of novel attack surfaces that currently is not well understood by researchers. State-of-the art security analysis techniques for embedded systems are limited to analysis of single CPUs or firmwares. For example, recent advances in rehosting, a popular technique that aims to emulate the firmware hardware-less, focuses on peripheral interaction as wrong peripheral behavior blocks firmware execution [53] . However, rehosting analyzes each peripheral in isolation and does not capture inter-peripheral dependence, e.g., inter-CPU communication interfaces [16] . For a specific attack, Classen et al. analyzed two Bluetooth-WiFi chip architectures by Broadcom, in which Bluetooth and WiFi functionality is split between two CPUs [12] . The authors explore the communication channel specific to this architecture and identify vulnerabilities that can be exploited if one of the cores is malicious due to an inherent trust between both chips. In this paper, we provide the first systematical assessment of security issues introduced by multi-CPU architectures in embedded devices. We investigate the general components of traditional, single-CPU embedded systems. We then analyze each component in the context of multi-CPU embedded devices and find that the introduction of more processors (each running individual firmware) introduces new attack surface. We distill the results into 4 general attack vectors. To confirm the validity of these 4 attack vectors, we first perform a theoretical analysis of multi-CPU devices. To that end, we collect a list of 11 device families that have at least two CPUs. We theoretically investigate their vulnerability to the newly identified attack vectors. We find that 6 out of 11 devices are vulnerable to at least one of the attack vectors. We implement our attacks on one of the vulnerable devices and practically verify our theoretical findings. We show that our attack vectors introduce arbitrary read, arbitrary write, and code execution primitives on the co-located CPUs or even in TEEs. Then, we demonstrate the practical relevance with a case study on two commercial products: the network stack of the STM32WB, and the security architecture of the Samsung Galaxy Ring. We find fundamental issues in both cases, and demonstrate practical exploits for a reproduction of the Galaxy Ring architecture. We disclosed our findings to the vendors, resulting in a security advisory and a patch.