Impedance Leakage Vulnerability and its Utilization in Reverse-engineering Embedded Software

TL;DR

This paper uncovers impedance as a novel side channel in embedded devices, demonstrating its potential to leak software instructions with high accuracy and discussing both its risks and possible countermeasures.

Contribution

It introduces impedance leakage as a new side channel for reverse-engineering embedded software, highlighting its significance and exploring mitigation strategies.

Findings

Impedance varies with executed programs on embedded devices.

Impedance side channel achieves over 92% accuracy in instruction detection.

Potential for both security risks and beneficial applications is discussed.

Abstract

Discovering new vulnerabilities and implementing security and privacy measures are important to protect systems and data against physical attacks. One such vulnerability is impedance, an inherent property of a device that can be exploited to leak information through an unintended side channel, thereby posing significant security and privacy risks. Unlike traditional vulnerabilities, impedance is often overlooked or narrowly explored, as it is typically treated as a fixed value at a specific frequency in research and design endeavors. Moreover, impedance has never been explored as a source of information leakage. This paper demonstrates that the impedance of an embedded device is not constant and directly relates to the programs executed on the device. We define this phenomenon as impedance leakage and use this as a side channel to extract software instructions from protected memory. Our experiment on the ATmega328P microcontroller and the Artix 7 FPGA indicates that the impedance side channel can detect software instructions with 96.1% and 92.6% accuracy, respectively. Furthermore, we explore the dual nature of the impedance side channel, highlighting the potential for beneficial purposes and the associated risk of intellectual property theft. Finally, potential countermeasures that specifically address impedance leakage are discussed.