Microcontrollers in Internet of Things (IoT) devices often employ execute-only memory to safeguard critical firmware, such as Intellectual Property (IP) and system configuration functions. This security mechanism restricts external access to memory content, permitting only code execution. Additionally, user data stored in embedded memory is typically protected from unauthorized access. However, vulnerabilities in these security measures have been identified through advanced hardware assessment techniques, particularly invasive selective chemical engraving.
Selective chemical engraving facilitates the extraction of data from charge-based memory by visualizing binary data through electrochemical reactions. This process distinguishes programmed cells ("0") from erased cells ("1") by forming HF-insolvable oxide layers on charged floating gates. The technique achieves a low error rate of 0.34% and, when combined with single error correction-double error detection algorithms, ensures 100% data recovery without requiring access to the original programmed data.
To evaluate the efficacy of this method, the security of smartwatches storing sensitive information, such as application software and user health data in embedded Flash memory, was assessed. A comparison with non-invasive method further provides a comprehensive understanding of memory organization and validates the accuracy of extracted data.
These findings reveal the vulnerabilities in existing IoT microcontroller hardware assurance schemes and highlight the necessity of developing additional countermeasures to address security risks.