Kévin Courdesses Breaks the ESP32-V3, ESP32-C3, and ESP32-C6 Wide Open with a Side-Channel Attack

https://www.hackster.io/news/kevin-courdesses-breaks-the-esp32-v3-esp32-c3-and-esp32-c6-wide-open-with-a-side-channel-attack-93af376b63ca

"There is no software [or] hardware fix available," Espressif warns of vulnerabilities allowing for encrypted flash data exfiltration.

Hardware and embedded software engineer Kévin Courdesses has replicated research into breaking the flash encryption on selected Espressif ESP32 microcontrollers — including the ESP32-C3 and ESP32-C6 — using side-channel attacks to extract data and even bypass secure boot functionality.

"I recently read the Unlimited Results: Breaking Firmware Encryption of ESP32-V3 (Abdellatif et al, 2023) paper," Courdesses explains. "This paper is about breaking the firmware encryption feature of the ESP32 SoC [System on Chip] using a side-channel attack. This was an interesting read, and soon, I wanted to try to reproduce these results. To understand everything about this attack, I wanted to start from scratch, even if it meant sometimes reinventing the wheel."