Raspberry Pi RP2350 Challenge Cracked: Glitch Attack Bypasses Security
2025-01-05
Engineer Aedan Cullen may have won the $20,000 Raspberry Pi and Hextree RP2350 hacking challenge. He achieved this by performing a voltage injection glitch attack on pin 53 of the RP2350 chip. This bypassed multiple security features including Secure Boot, TrustZone, and glitch detectors, allowing him to read the secret stored in the One-Time Programmable (OTP) memory. Cullen's attack exploited a vulnerability to enable the normally disabled RISC-V cores and their debug access port. This demonstrates that even supposedly 'permanently disabled' security features are not foolproof, highlighting the complexities and challenges of hardware security design.
Tech
Hardware Hacking