CVE Reports

Originally published at cvereports.com

CVE-2020-27211: Voltage Glitching the Nordic nRF52: How a Zap Resurrected the Debugger

Vulnerability ID: CVE-2020-27211
CVSS Score: 5.7
Published: 2021-05-21

A fundamental hardware vulnerability in Nordic Semiconductor nRF52840 chips allows attackers to bypass Readback Protection (APPROTECT) via voltage fault injection. By precisely glitching the power rail during the boot sequence, an attacker can prevent the chip from processing the 'lock' command, resurrecting the Serial Wire Debug (SWD) interface and allowing full firmware extraction.

TL;DR

The nRF52840's hardware readback protection (APPROTECT) can be bypassed by momentarily cutting power (glitching) during boot. This re-enables the debug interface on locked chips, exposing firmware and secrets.


⚠️ Exploit Status: WEAPONIZED

Technical Details

  • Attack Vector: Physical (Fault Injection)
  • CVSS v3.1: 5.7 (Medium)
  • Weakness: CWE-1247: Improper Protection Against Voltage Fault Injection
  • Impact: Firmware Dump / Secret Exfiltration
  • Requirement: Physical Access + Oscilloscope/Glitcher
  • Status: Patched in Silicon Rev 3

Affected Systems

  • Nordic Semiconductor nRF52840
  • Nordic Semiconductor nRF52832
  • Nordic Semiconductor nRF52810
  • Devices utilizing nRF52 for FIDO2 (SoloKeys, etc.)
  • Consumer IoT devices utilizing nRF52 BLE SoCs
  • nRF52840: Revision 1 and 2 (Build codes < QxAx) (Fixed in: Revision 3)
  • nRF52832: Revision 1 and 2 (Fixed in: Revision 3)

Exploit Details

  • LimitedResults: Original disclosure and step-by-step guide on voltage glitching the nRF52
  • Fraunhofer AISEC: Academic paper detailing the attack against FIDO2 tokens using this CVE

Mitigation Strategies

  • Use nRF52840 Revision 3 (or later) silicon which contains hardware-level hardening.
  • Implement 'Secure APPROTECT' via Nordic SDK v17.0.0+.
  • Apply tamper-resistant epoxy or conformal coating to the PCB to make physical access and modification difficult.
  • Enable Watchdog Timers early in the boot process to catch stalled or glitched states.

Remediation Steps:

  1. Identify the silicon revision of deployed devices.
  2. For vulnerable revisions, update the bootloader to include the UICR check loop.
  3. In the bootloader: Read UICR APPROTECT status.
  4. If APPROTECT is disabled (but should be enabled), manually trigger a system reset or disable the Access Port via software registers.
  5. Ensure decoupling capacitors are placed as close to the chip as possible to hamper voltage glitching attempts (board design).
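
The UICR check loop from steps 2 to 4, sketched as an added example (not code from the original report or from the Nordic SDK). It assumes the pre-Revision-3 encoding of `UICR.APPROTECT` (PALL field in bits 0..7, `0x00` = Enabled, `0xFF` = Disabled) and the nRF52840 register address `0x10001208`; the function and constant names are hypothetical. The check reads the register several times and fails closed, so one skipped instruction or corrupted read does not yield a "continue" decision.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: pre-Rev-3 nRF52 encoding of UICR.APPROTECT (PALL, bits 0..7). */
#define APPROTECT_PALL_MASK    0xFFu
#define APPROTECT_PALL_ENABLED 0x00u
#define CHECK_ROUNDS           8u

/* Decision codes are bitwise complements of each other, so a few flipped
   bits cannot turn "reset" into "continue". */
typedef uint32_t boot_decision_t;
#define BOOT_CONTINUE 0x3CA5965Au
#define BOOT_RESET    0xC35A69A5u

/* Hypothetical helper: read APPROTECT repeatedly and fail closed. */
boot_decision_t approtect_check_loop(const volatile uint32_t *uicr_approtect)
{
    volatile uint32_t ok = 0;      /* reads that saw "Enabled"         */
    volatile uint32_t rounds = 0;  /* independent count of iterations  */

    for (uint32_t i = 0; i < CHECK_ROUNDS; i++) {
        uint32_t pall = *uicr_approtect & APPROTECT_PALL_MASK;
        if (pall == APPROTECT_PALL_ENABLED) {
            ok++;
        }
        rounds++;
    }
    /* Continue only if the loop ran to completion and every read agreed. */
    if (rounds == CHECK_ROUNDS && ok == CHECK_ROUNDS) {
        if (ok == rounds) {        /* redundant re-check of the same fact */
            return BOOT_CONTINUE;
        }
    }
    return BOOT_RESET;             /* default path is the safe one */
}

int main(void)
{
    /* Constructed values standing in for the register. On target, pass
       (const volatile uint32_t *)0x10001208 (assumed nRF52840 address). */
    uint32_t locked = 0xFFFFFF00u, erased = 0xFFFFFFFFu;
    printf("locked: %s\n",
           approtect_check_loop(&locked) == BOOT_CONTINUE ? "continue" : "reset");
    printf("erased: %s\n",
           approtect_check_loop(&erased) == BOOT_CONTINUE ? "continue" : "reset");
    /* On target: if (decision != BOOT_CONTINUE) NVIC_SystemReset(); */
    return 0;
}
```

Running the check before any secrets are loaded into RAM, and with the watchdog already started, matches the mitigation list above.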
