Symposium sur la sécurité des technologies de l'information et des communications

Conférence francophone sur le thème de la sécurité de l'information.
Elle a eu lieu à Rennes du 2 au 4 juin 2021.

EEPROM: It Will All End in TearsChristian Herrmann, Philippe Teuwen


Date : 03 juin 2021 à 15:00 — 30 min.

RFID tags are supposed to be robust to situations such as a quick removal from the powering field when the user swipes a tag over a reader. We'll describe the various physical effects that can happen when an EEPROM write or erase operation is interrupted, and we'll explain how to control these side effects to learn about the inner mechanisms of security features and to challenge them. We'll show how to defeat four types of security features on different tags: erasing OTP bits, recovering a locking password, unlocking a read-only UID and resetting a secure counter. We attacked them successfully thanks to the different tools we developed and we share these tools to the community to facilitate future research.