WOOT '25 Technical Sessions

Security of Microcontroller Units (MCUs) is crucial for the modern computing landscape, as they often provide a root-of-trust to larger systems or are embedded in safety-critical applications. To prevent attackers from running unsigned code, many MCUs implement secure boot mechanisms.

One such MCU is the recently released RP2350, which combines secure boot with additional hardware features to protect against fault injection attacks. In this paper, we demonstrate the possibility of fault injection and secret extraction attacks despite the presence of dedicated countermeasures.

We showcase five different attacks that break the secure boot guarantees of a locked down RP2350 chip. Our attacks leverage voltage, electromagnetic, and laser fault injection techniques. They allow us to bring back disabled CPU cores and debugging ports, boot unverified firmware images, bypass signature verification checks, and provide unprivileged access to sensitive data. We further demonstrate direct extraction of antifuse memory contents using focused ion beam passive voltage contrast. To improve the MCU security landscape, we propose potential mitigations against our attacks and share our lessons learned with the community.

While many software vulnerabilities are blamed on software bugs, they can also be caused by hardware fault injection. Traditional fault injection methods rely on blind attacks based on simplified fault models, such as instruction skipping. These attacks require exhaustive experimentation across a wide range of fault parameters, with the methodology inferred solely from faulty outcomes, resulting in limited insight into fault impact and an overall inefficient approach. We present GLITCHGLÜCK, a novel approach that combines a tool for simulating hardware-software interactions with a methodology for guiding fault injection. The tool observes the system via scan-chain-accessible states and constructs the Dynamic State Transition Graph (DSTG), a temporal representation of how software instructions trigger interactions with hardware components. By analyzing the DSTG, GLITCHGLÜCK pinpoints fault injection parameters – such as when, where, and what to fault without relying on predefined fault models – thus avoiding the need for an exhaustive fault parameter search. This targeted, data-driven method bridges the gap between simulation and physical fault observation by using scan-chain. GLITCHGLÜCK is demonstrated on a physical OpenMSP430 ASIC chip with scan-chain support, and validated in simulation on PicoRV32 (RV32I) and IBEX (RV32IM) to confirm its applicability across different instruction set architectures and microarchitectures. We assess the effectiveness of several software countermeasures, such as instruction duplication and pin verification, using layout-aware fault simulations to guide fault attacks via clock glitching and laser-induced faults.

Bluetooth is a wireless data-transfer protocol used by billions of heterogeneous devices, including vehicles, smartphones, and laptops. Bluetooth devices are affected by security issues whose automated large-scale testing is challenging. In this work, we focus on Bluetooth Classic (BC) as there is no comprehensive open-source security testing framework. We fill this gap by designing and implementing BlueToolkit, a new BC security testing framework for automating recon, exploit testing, and report generation. Our tool tests the target over the air using a black-box approach, thus without prior hardware or software configuration knowledge. BlueToolkit tests 44 design and implementation exploits from six databases, including critical Machine-in-the-Middle (MITM), Remote Code Execution (RCE), and Denial of Service (DoS) ones. Moreover, it is extensible via a configuration system based on YAML files, allowing, among others, the integration of future exploits.

Despite the rise of Bluetooth usage in vehicles, its security in the automotive domain has been widely overlooked. We address this challenge using BlueToolkit to perform a comprehensive security assessment of real-world automotive In-Vehicle Infotainment (IVI) units. We evaluate 22 vehicles produced between 2016 and 2023 from 14 leading manufacturers. Each car underwent up to 44 tests, including design and implementation attacks, resulting in a total of 891 tests and 128 vulnerabilities. We also present four attacks we discovered during the experiments with the help of BlueToolkit. Our evaluation demonstrates that automotive Bluetooth security posture is inadequate and that BlueToolkit is effective in real-world use cases. We responsibly disclosed our findings to all affected vendors and open-sourced BlueToolkit.

The large integration of microphones into devices increases the opportunities for Acoustic Side-Channel Attacks (ASCAs), as these can be used to capture keystrokes' audio signals that might reveal sensitive information. However, the current State-Of-The-Art (SOTA) models for ASCAs, including Convolutional Neural Networks (CNNs) and hybrid models, such as CoAtNet, still exhibit limited robustness under realistic noisy conditions. Solving this problem requires either: (i) an increased model's capacity to infer contextual information from longer sequences, allowing the model to learn that an initially noisily typed word is the same as a futurely collected non-noisy word, or (ii) an approach to fix misidentified information from the contexts, as one does not type random words, but the ones that best fit the conversation context. In this paper, we demonstrate that both strategies are viable and complementary solutions for making ASCAs practical. We observed that no existing solution leverages advanced transformer architectures' power for these tasks and propose that: (i) Visual Transformers (VTs) are the candidate solutions for capturing long-term contextual information and (ii) transformer-powered Large Language Models (LLMs) are the candidate solutions to fix the "typos" (mispredictions) the model might make. Thus, we here present the first-of-its-kind approach that integrates VTs and LLMs for ASCAs.

We first show that VTs achieve SOTA performance in classifying keystrokes when compared to the previous CNN benchmark. Second, we demonstrate that LLMs can mitigate the impact of real-world noise. Evaluations on the natural sentences revealed that: (i) incorporating LLMs (e.g., GPT-4o) in our ASCA pipeline boosts the performance of error-correction tasks; and (ii) the comparable performance can be attained by a lightweight, fine-tuned smaller LLM (67 times smaller than GPT-4o), using Low-Rank Adaptation (LoRA). Our results and findings highlight the practical viability of our solution toward effective ASCA.

Emerging studies demonstrate that machine learning (ML) has the potential to improve the detection capabilities of network intrusion detection systems (NIDS) against evolving cyber threats. However, recent adversarial ML (AML) studies have revealed critical ML vulnerabilities. This paper presents innovative multistage red-teaming techniques to evaluate the robustness of ML-NIDS in real-world adversarial settings. Although extensive research has been conducted in this area, existing studies have critical shortcomings: (1) relying on unrealistic threat models, (2) focusing on traffic flow perturbation for evasion while neglecting that malicious activity occurs at the packet level, and (3) failing to preserve attack functionality after perturbation.

Guided by offensive security principles, we present DeepRed, an ML-powered Command and Control (C2) framework designed to evade targeted ML-NIDS while maintaining a stealthy post-exploitation communication channel. DeepRed leverages Generative Adversarial Networks (GANs) to generate adversarial examples that comply with TCP/IP constraints and are realizable as packet-level perturbations. We further propose two novel attack strategies, Single-Packet Single-Feature (SPSF) and Single-Feature Perturbation (SFP), to achieve evasion under highly constrained conditions with minimal perturbation. To enable robust evaluation, we built a comprehensive ML-NIDS benchmarking dataset containing benign and malicious traffic from our red-team exercises. Additionally, we introduce pipeline-independent adversarial testing to evaluate state-of-the-art models, such as FlowTransformer and SSCL-IDS, across varying features, training data, and preprocessing pipelines—while preserving attack functionality. Results demonstrate that DeepRed can reduce detection rates by up to 20%, highlighting the framework’s ability to bypass ML-NIDS while maintaining operational integrity.

OpenVPN is one of the most widely used VPN protocols, allowing for a connection to be securely proxied through another computer. Due to the protocol's critical role in securing communications, it is essential that OpenVPN remains robust against attacks. Previous work has discovered vulnerabilities in OpenVPN, revealing its susceptibility to denial of service, the potential for flow fingerprinting, and the risk of VPN protection being bypassed through operating system exploits or TCP connection hijacking.

In this work, we take a systematic approach to finding attacks by inferring the protocol's specification. We study OpenVPN configured with both the UDP and TCP variants. Given that no standard exists and specification is sparse, we first construct a detailed message sequence chart of the protocol handshake under the UDP and TCP modes, respectively. We use this information to perform systematic adversarial testing with malformed configurations, replay attacks, denial-of-service, resilience to acknowledgments-related attacks, and packet value modifications based on protocol semantics.

We found several new attacks: two new denial-of-service attacks due to the replay of control and acknowledgment packets, the incorrect handling of input validation for 17 protocol configuration options, a scenario where due to an inconsistent view of the state of the connection, the server sends data prematurely to the client causing the client to ignore it, and a scenario where a malicious client configured with weaker authentication can degrade the performance of a victim client configured with stronger authentication.

Ferroelectric random access memory (FRAM) corruption has primarily been investigated in the context of safety for space applications and the associated radiation. In this work, we present the first in-depth analysis of the effects of fault injection on FRAM technology from a security perspective. This includes the identification of potentially vulnerable signals in the control circuit. Based on a theoretical consideration of possible weak points, we carry out practical attacks on external memory devices from different manufacturers. After a detailed analysis, we demonstrate the feasibility of this attack on an FRAM-based microcontroller, namely the MSP430FR. We show how the write-back operation, an FRAM intrinsic operation, can be exploited to reactivate the debug interface of the microcontroller. The attack can be carried out in less than a minute and with modest equipment costs, highlighting its practicability. Based on our analysis, we conclude with different mitigations that manufacturers can implement to enhance security.

Programmable Logic Controllers (PLCs) are critical to industrial control systems (ICS), yet their memory remains a prime target for exploitation. While traditional attacks focus on network intrusions, PLC memory manipulation enables sophisticated attacks, such as malicious process control and supply chain backdoors. Existing security measures, including intrusion detection systems (IDS), fail to detect these threats, necessitating a systematic approach to analyzing and exploiting PLC memory. This paper presents a machine learning-driven framework for PLC memory exploitation, identifying critical regions vulnerable to unauthorized access and manipulation. Using extracted features such as entropy-based and structural characteristics, we classify PLC memory into exploitable segments, including metadata and control logic. Our method enables precise targeting of PLC memory for adversarial access, injection, and modification, operating independently of PLC-specific semantics. By training on an M221 PLC, we demonstrate its generalization across architectures, successfully exploiting PLCs with distinct instruction sets. We evaluate our approach on three PLCs from two vendors, actively probing memory to elicit responses such as accept, deny, halt, and compromise. The results expose inconsistencies in memory protections across PLC architectures, reinforcing the need for improved memory integrity in ICS environments. As part of our research, we identified and disclosed a critical PLC memory vulnerability (CVE-2024-11737)

WhatsApp, the world’s largest messaging application, uses a version of the Signal protocol to provide end-to-end encryption (E2EE) with strong security guarantees, including Perfect Forward Secrecy (PFS). To ensure PFS right from the start of a new conversation—even when the recipient is offline—a stash of ephemeral (one-time) prekeys must be stored on a server. While the critical role of these one-time prekeys in achieving PFS has been outlined in the Signal specification, we are the first to demonstrate a targeted depletion attack against them on individual WhatsApp user devices. Our findings not only reveal an attack that can degrade PFS for certain messages, but also expose inherent privacy risks and serious availability implications arising from the refilling and distribution procedure essential for this security mechanism.

The extract call in PHP poses a similar threat to the security of a PHP application, if used naively, as the register_globals configuration that has been removed from PHP in version 5.3. We provide an attack analysis of its usage, showing the impact that unsafe usage can have. To understand how the security impact of extract manifests, we conduct a large-scale static analysis of 28325 open-source PHP projects to detect its insecure usage. Subsequently, we investigate each detected potentially vulnerable call manually to assess its security implications for the surrounding project and discover a total of 154 injection vulnerabilities and 86 CFG high jacking threats, including 60 privilege escalations. Thus demonstrating the danger of extract. As our final contribution, we discuss multiple paths forward for PHP to mitigate the dangers of this call.

Exploit proof-of-concepts (PoCs) for known vulnerabilities are widely shared in the security industry. They help security analysts to learn from each other and facilitate security assessments and red teaming tasks. In recent years, PoCs have been widely distributed, e.g., via dedicated websites and platforms, and also via public code repositories such as GitHub. However, there is no guarantee that publicly shared PoCs come from trustworthy sources or even that they do what they are supposed to do. Security researchers and practitioners have widely reported cases of malicious PoCs that aim to attack the analyst utilizing them.

In this work, we propose a tool called SecurePoC that can help security analysts to triage GitHub-hosted PoCs and identify malicious ones. To design and evaluate the tool, we have collected a large dataset of 20,433 unique GitHub-hosted PoC repositories for CVEs issued in 2016-2024. Our analysis shows that approximately 2.5% of these repositories are likely malicious. This shows that security analysts need to attentively scrutinize the PoCs they intend to use. Our SecurePoC can become an efficient and effective aide in triaging these PoCs.

Bootkits and rootkits are among the most elusive and persistent forms of malware, subverting system defenses by operating at the lowest levels of system architecture. Bootkits compromise the firmware or bootloader, allowing them to manipulate the boot sequence and gain control before security mechanisms initialize. Meanwhile, rootkits embed themselves within the OS kernel, stealthily conceal malicious activities, and maintain long-term persistence. Despite their critical implications for security, these threats remain underexplored due to the technical complexity involved in their study, the scarcity of real-world samples, and the challenges posed by defense-in-depth security in modern OSes.

In this paper, we introduce BOOTKITTY, a hybrid bootkit-rootkit capable of circumventing modern security features in multiple OS platforms, across Windows, Linux, and Android. We explore critical firmware and bootloader vulnerabilities that can lead to a low-level compromise, demonstrating techniques that bypass advanced security protections by breaking the chain of trust. Our study addresses technical challenges such as exploiting UEFI drivers, manipulating kernel memory, and evading advanced mitigations in the boot process, and provides actionable insights. Our systematic evaluations show that BOOTKITTY reveals critical weaknesses in contemporary security mechanisms, highlighting the need for better security design that offers holistic (low-level) protection.