Breaking Espressif’s ESP32 V3: Program Counter Control with Computed Values using Fault Injection

Espressif introduced the ESP32 V3, a low-cost System-on-Chip (SoC) with wireless connectivity, as a response to earlier hardware revisions that were susceptible to Fault Injection (FI) attacks. Despite its FI countermeasures, we are the first to bypass all security features of the ESP32 V3 with an FI attack, including Secure Boot and Flash Encryption. First, we alter encrypted flash contents to set the 32-bit outcome of a Cyclic Redundancy Check (CRC) on the bootloader signature to an arbitrary value, which we then load into the Program Counter (PC) register of the Central Processing Unit (CPU) using a single Electromagnetic (EM) glitch. This allows us to jump to Download Mode in Read-Only Memory (ROM), which provides arbitrary code execution and access to unencrypted flash contents. As far as we know, this is the first successful FI attack, bypassing both Secure Boot and Flash Encryption with a single glitch, on a target with FI countermeasures. As the vulnerabilities are in hardware, they cannot be fixed, and a new hardware revision would be required. In response to our findings, Espressif issued a Security Advisory, AR2023-005, and requested a Common Vulnerabilities and Exposures (CVE) identifier, CVE-2023-35818.