Good Motive but Bad Design: Pitfalls in MPU Usage in Embedded Systems in the Wild


As more and more microcontroller-based embedded devices are connected to the Internet, as part of the Internet-of-Things (IoT), previously less tested (and insecure) devices are exposed to miscreants. To prevent them from being compromised, the memory protection unit (MPU), which is readily available on many of these devices, has the potential to enable many defenses. We comprehensively studied the MPU adoption in top operating systems for microcontrollers. Specifically, we investigated whether MPU is supported, how it is used, and whether the claimed security requirement has been effectively achieved by using it. Due to the added complexities and compatibility issues, we found that MPU has not received wide adoption in real products. Moreover, although MPU was developed for security purposes, it rarely fulfills its designed functionality and can be easily circumvented in many settings. We showcase concrete attacks to FreeRTOS and RIoT in this regard. We have reported our findings to the affected parties. Finally, we discuss the root cause of this situation. We hope our findings can inspire research on the novel usage of MPU in microcontrollers.

Black Hat Europe ‘22