Episode Details

Back to Episodes

Another LPC55 ROM Vulnerability

Season 2 Episode 11 Published 4 years ago
Description

Oxide and Friends Twitter Space: April 4th, 2022

Another LPC55 ROM Vulnerability

We've been holding a Twitter Space weekly on Mondays at 5p for about an hour. Even though it's not (yet?) a feature of Twitter Spaces, we have been recording them all; here is the recording for our Twitter Space for April 4th, 2022.

In addition to Bryan Cantrill and Adam Leventhal, our special guest was Laura Abbott.

Other speakers on April 4th included Ian, jasonbking, Todd Gamblin?, Ben ?, MattSci, jasonbking and Evan?. (Did we miss your name and/or get it wrong? Drop a PR!)

Some of the topics we hit on, in the order that we hit them:

  • Jonathan Goldstein's Heavyweight podcast
  • Oxide and Friends podcast
    • transistor.fm launch point, has links to Spotify, Google, Amazon etc players
  • Laura did talk about the first LPC55 vulnerability in the May 3, 2021 space, but the recording for that day missed it.
    • Laura Abbott (30 April, 2021) Exploiting Undocumented Hardware Blocks in the LPC55S69 write-up
      • And DEF CON talk with Rick Altherr
  • @4:01 Today's topic: Laura Abbott (23 March 2022) Another vulnerability in the LPC55S69 ROM write up
    • How do you brick a chip?
  • @7:20 The spreadsheet, ROM patch after boot
    • Company dismisses or downplays vulnerabilities
    • Sees CVEs as optional??
  • @15:19 CVEs as more software focused. What does a CVE for hardware even mean?
    • NXP doesn't want to open their software
  • "Even though we are not believers in security by obscurity, the product specific ROM code is not open to external parties except for approved test labs for vulnerability reviews"
  • @19:43 The story of the current vulnerability
  • @27:26 Picking apart the code
    • Bounds checks, writing outside the bounds of the buffer
    • DICE by Trusted Computing Group
    • Request for Discussion
    • Evaluating potential chips when building a product
  • @41:09 Secure hardware, work around potential pitfalls
    • Open source would help
  • @45:37 Disclosed to NXP, more receptive this time
    • Discussion on HN
    • @54:21 Security review industry
  • @57:11 Ian: building up your own (open) documentation on LPC55?
  • @1:01:31 Jason: questionable definitions of "open" source
    • A
Listen Now

Love PodBriefly?

If you like Podbriefly.com, please consider donating to support the ongoing development.

Support Us