Side Channel Key Extraction Vulnerability in Bosch IP Cameras and Encoders

Published

2021-03-02 00:00:00 UTC

Summary

BOSCH-SA-762869-BT: A recently discovered side channel attack for the NXP P5x security microcontrollers was made public. It allows attackers to extract an ECDSA private key after extensive physical access to the chip. The P5x is used as secure certificate storage on Bosch cameras and encoders built on platforms CPP-ENC CPP3 CPP4 CPP5 CPP6 CPP7 and CPP7.3. Bosch does not include any ECDSA keys from factory but ECDSA keys can be installed or generated by the customer. Only the private key of the affected camera can be obtained by the attacker. Bosch rates this vulnerability with a CVSS v3.1 Base Score of 4.2 and recommends customers to take a risk based approach at using ECDSA keys and considering listed mitigations. The vulnerability was discovered by security researchers Victor Lomne and Thomas Roche and disclosed by NXP to Bosch.