Side Channel Key Extraction Vulnerability in Bosch IP Cameras and Encoders
BOSCH-SA-762869-BT
Advisory Information
- Advisory ID: BOSCH-SA-762869-BT
- CVE Numbers and CVSS v3.1 Scores: CVE-2021-3011, Base Score: 4.2 (Medium)
- Published: 03 Mar 2021
- Last Updated: 03 Mar 2021
Summary
A recently discovered side channel attack for the NXP P5x security microcontrollers was made public. It allows attackers to extract an ECDSA private key after extensive physical access to the chip. The P5x is used as secure certificate storage on Bosch cameras and encoders built on platforms CPP-ENC, CPP3, CPP4, CPP5, CPP6, CPP7 and CPP7.3.
Bosch does not include any ECDSA keys from factory, but ECDSA keys can be installed or generated by the customer. Only the private key of the affected camera can be obtained by the attacker.
Bosch rates this vulnerability with a CVSS v3.1 Base Score of 4.2 and recommends that customers take a risk-based approach to using ECDSA keys and consider the listed mitigations.
The vulnerability was discovered by security researchers Victor Lomne and Thomas Roche and disclosed by NXP to Bosch.
Affected Products
- Bosch AUTODOME 700 IP IVA on: CPP3
- Bosch AUTODOME 7000 series on: CPP4
- Bosch AUTODOME 800 on: CPP3
- Bosch AUTODOME Easy II IP series on: CPP3
- Bosch AUTODOME IP 4000 HD on: CPP4
- Bosch AUTODOME IP 4000i on: CPP7.3
- Bosch AUTODOME IP 5000 HD on: CPP4
- Bosch AUTODOME IP 5000 IR on: CPP4
- Bosch AUTODOME IP 5000i on: CPP7.3
- Bosch AUTODOME IP starlight 5000i (IR) on: CPP7.3
- Bosch AUTODOME IP starlight 7000i on: CPP7.3
- Bosch AUTODOME Junior 800 on: CPP3
- Bosch AUTODOME Junior HD, Jr HD fix on: CPP3
- Bosch DINION 2X, NBN-498-P on: CPP3
- Bosch DINION HD 1080p on: CPP4
- Bosch DINION HD 1080p HDR on: CPP4
- Bosch DINION HD 720p on: CPP4
- Bosch DINION IP 3000i on: CPP7.3
- Bosch DINION IP 4000 HD on: CPP4
- Bosch DINION IP 5000 HD on: CPP4
- Bosch DINION IP 5000 MP on: CPP4
- Bosch DINION IP bullet 4000 on: CPP4
- Bosch DINION IP bullet 4000i on: CPP7.3
- Bosch DINION IP bullet 5000 on: CPP7.3
- Bosch DINION IP bullet 5000 on: CPP4
- Bosch DINION IP bullet 5000i on: CPP7.3
- Bosch DINION IP bullet 6000i on: CPP7.3
- Bosch DINION IP starlight 6000 on: CPP7
- Bosch DINION IP starlight 7000 on: CPP7
- Bosch DINION IP starlight 7000 HD on: CPP4
- Bosch DINION IP starlight 8000 12MP on: CPP6
- Bosch DINION IP thermal 8000 on: CPP7
- Bosch DINION IP thermal 9000 RM on: CPP7
- Bosch DINION IP ultra 8000 12MP on: CPP6
- Bosch DINION IP ultra 8000 12MP with C/CS mount telephoto lens on: CPP6
- Bosch DINION XF 720p+, NBN-921-P on: CPP3
- Bosch DINION XF, NBC-455-P on: CPP3
- Bosch DINION imager 9000 HD on: CPP4
- Bosch EXTEGRA IP dynamic 9000 on: CPP4
- Bosch EXTEGRA IP starlight 9000 on: CPP4
- Bosch Economic version VIP-X1XF-E on: CPP3
- Bosch Economy Box Cameras, NBC-225 series, NBC-255 series, NTC-255-PI on: CPP3
- Bosch Economy Dome Cameras, NDC-225 series, NDC-255 series on: CPP3
- Bosch Economy HD Box Cameras, NBC-265 series, NTC-265-PI on: CPP3
- Bosch Economy HD Dome Cameras, NDC-265 series, NDN-265-PIO on: CPP3
- Bosch Extreme series EX30 IR, NEI-30 IR Imager on: CPP3
- Bosch FLEXIDOME 2X, NDN-498-P on: CPP3
- Bosch FLEXIDOME HD 1080p on: CPP4
- Bosch FLEXIDOME HD 1080p HDR on: CPP4
- Bosch FLEXIDOME HD 720p on: CPP4
- Bosch FLEXIDOME IP 3000i on: CPP7.3
- Bosch FLEXIDOME IP 4000i on: CPP7.3
- Bosch FLEXIDOME IP 5000i on: CPP7.3
- Bosch FLEXIDOME IP indoor 4000 HD on: CPP4
- Bosch FLEXIDOME IP indoor 4000 IR on: CPP4
- Bosch FLEXIDOME IP indoor 5000 HD on: CPP4
- Bosch FLEXIDOME IP indoor 5000 MP on: CPP4
- Bosch FLEXIDOME IP micro 2000 HD on: CPP4
- Bosch FLEXIDOME IP micro 2000 IP on: CPP4
- Bosch FLEXIDOME IP micro 5000 HD on: CPP4
- Bosch FLEXIDOME IP micro 5000 MP on: CPP4
- Bosch FLEXIDOME IP outdoor 4000 HD on: CPP4
- Bosch FLEXIDOME IP outdoor 4000 IR on: CPP4
- Bosch FLEXIDOME IP outdoor 5000 HD on: CPP4
- Bosch FLEXIDOME IP outdoor 5000 MP on: CPP4
- Bosch FLEXIDOME IP panoramic 5000 on: CPP4
- Bosch FLEXIDOME IP panoramic 6000 12MP 180 on: CPP6
- Bosch FLEXIDOME IP panoramic 6000 12MP 180 IVA on: CPP6
- Bosch FLEXIDOME IP panoramic 6000 12MP 360 on: CPP6
- Bosch FLEXIDOME IP panoramic 6000 12MP 360 IVA on: CPP6
- Bosch FLEXIDOME IP panoramic 7000 12MP 180 on: CPP6
- Bosch FLEXIDOME IP panoramic 7000 12MP 180 IVA on: CPP6
- Bosch FLEXIDOME IP panoramic 7000 12MP 360 on: CPP6
- Bosch FLEXIDOME IP panoramic 7000 12MP 360 IVA on: CPP6
- Bosch FLEXIDOME IP starlight 5000i (IR) on: CPP7.3
- Bosch FLEXIDOME IP starlight 6000 on: CPP7
- Bosch FLEXIDOME IP starlight 7000 on: CPP7
- Bosch FLEXIDOME IP starlight 8000i on: CPP7.3
- Bosch FLEXIDOME XF 720p+, NDN-921-P on: CPP3
- Bosch FLEXIDOME XF, NDC-455-P on: CPP3
- Bosch FLEXIDOME corner 9000 MP on: CPP4
- Bosch Far Infra-Red camera, VOT-320 on: CPP3
- Bosch IP bullet 4000 HD on: CPP4
- Bosch IP bullet 5000 HD on: CPP4
- Bosch IP micro 2000 on: CPP4
- Bosch IP micro 2000 HD on: CPP4
- Bosch MIC IP PSU on: CPP3
- Bosch MIC IP dynamic 7000 on: CPP4
- Bosch MIC IP fusion 9000i on: CPP7.3
- Bosch MIC IP starlight 7000 on: CPP4
- Bosch MIC IP starlight 7000i on: CPP7.3
- Bosch MIC IP starlight 7100i on: CPP7.3
- Bosch MIC IP ultra 7100i on: CPP7.3
- Bosch REG 1.5 IP and REG L2 on: CPP3
- Bosch TINYON IP 2000 family on: CPP4
- Bosch VG4 AUTODOME IP series on: CPP3
- Bosch VG5 AUTODOME IP series on: CPP3
- Bosch VIDEOJET connect 7000, VJC-7000 on: CPP-ENC
- Bosch VIDEOJET decoder 3000, VJD-3000 on: CPP-ENC
- Bosch VIDEOJET multi 4000 on: CPP5
- Bosch VIP X1 XF Single-Channel H.264 Encoder on: CPP3
- Bosch VIP-X1600-XFM4 on: CPP-ENC
- Bosch VIP-X16XF-E on: CPP5
- Bosch VJT-X20/X40XF-E on: CPP-ENC
- Bosch VJT-XTCXF on: CPP-ENC
- Bosch Vandal-proof FLEXIDOME HD 1080p on: CPP4
- Bosch Vandal-proof FLEXIDOME HD 1080p HDR on: CPP4
- Bosch Vandal-proof FLEXIDOME HD 720p on: CPP4
- Bosch Video Conference Dome IVA on: CPP3
- Bosch WLAN cameras NBC-255-W and NBC-265-W on: CPP3
Solution and Mitigations
Vulnerability Fix
The vulnerable chip cannot be updated and no fix is available. Please use a risk-based approach and consider the listed mitigations.
Replacing ECDSA Keys with RSA Keys
If ECDSA keys are used on this device, new RSA keys, which are not vulnerable to this attack, can be created on or uploaded to the device instead.
Invalidating lost keys / devices
If a device is lost or missing, the corresponding keys should be invalidated (revoked) in the issuing CA and the revocation information distributed via CRL or OCSP, so that an attacker can no longer use these keys.
Secure Disposal
When disposing of the camera, a wipe should be performed before taking it out of service. A wipe (factory default) securely deletes the keys (and other sensitive data) on the device, making it impossible to recover certificates from it.
Upgrade camera model
The upcoming cameras built on CPP13 and CPP14 no longer use the vulnerable chip.
Vulnerability Details
CVE-2021-3011
Multiple Bosch IP cameras and encoders are affected by CVE-2021-3011.
As the vulnerability lies in a built-in hardware component, it does not depend on the firmware. All platforms CPP-ENC, CPP3, CPP4, CPP5, CPP6, CPP7 and CPP7.3 are affected, regardless of the firmware version installed.
The attacker must obtain the camera physically, open the device, gain access to the security microcontroller and perform a detailed analysis by physical intrusion on the chip. The attacker also needs the equipment and knowledge required to conduct side-channel attacks on the chip.
If the attack is successful the private key for an ECDSA certificate can be extracted from the chip.
Bosch does not include any default certificates using ECDSA keys. ECDSA keys can only be installed or generated by the customer. If no ECDSA keys are used on the device this vulnerability does not apply.
Installed ECDSA certificates may be used by the customer as:
- HTTPS certificate for the camera
- Signing Video Streams
- Network authentication (802.1X)
If different certificates are used for each camera, the attacker can only obtain the private key for a single camera.
Depending on how the extracted key was used, an attacker could conduct MITM (man-in-the-middle) attacks against the camera's HTTPS connection, create signed video streams, or authenticate to the network.
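Two of the points above are things an administrator can act on directly: determining whether a device actually presents an ECDSA certificate (the vulnerability does not apply otherwise), and replacing such a key with an RSA key as the mitigation section describes. The following shell example is added here and is not part of the Bosch advisory; it assumes `openssl` on the administrator's workstation, and the host names, ports and certificate names are placeholders. The CSR it produces must still be signed by your CA and uploaded through the camera's own certificate management page, which the script does not automate.

```shell
#!/bin/sh
# Added example for this advisory (not Bosch code): find cameras whose HTTPS
# certificate still carries an ECDSA key, and prepare an RSA replacement.
# Host names, ports and the CN values are assumptions for illustration.
set -eu

# Report the public-key algorithm of a PEM certificate: rsa, ecdsa or other.
cert_key_algorithm() {  # cert.pem
  alg=$(openssl x509 -in "$1" -noout -text \
        | sed -n 's/.*Public Key Algorithm: *//p' | head -n 1)
  case "$alg" in
    rsaEncryption)  echo rsa ;;
    id-ecPublicKey) echo ecdsa ;;
    *)              echo other ;;
  esac
}

# Fetch the certificate a camera presents on its HTTPS port into a PEM file
# (needs network access to the camera; not used by the offline demo below).
fetch_camera_cert() {  # host out.pem [port]
  openssl s_client -connect "$1:${3:-443}" -servername "$1" </dev/null 2>/dev/null \
    | openssl x509 -outform PEM -out "$2"
}

# Generate a fresh RSA-3072 key and CSR for one camera; the CSR goes to your CA
# and the signed certificate is then installed on the camera.
make_rsa_csr() {  # dir camera-name
  openssl genrsa -out "$1/$2.key" 3072 2>/dev/null
  openssl req -new -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr"
}

# Constructed test fixtures: one self-signed ECDSA and one RSA certificate,
# standing in for certificates fetched from real cameras.
make_demo_certs() {  # dir
  openssl ecparam -name prime256v1 -genkey -noout -out "$1/ec.key"
  openssl req -x509 -new -key "$1/ec.key" -subj "/CN=cam-ec" -days 1 -out "$1/ec.crt"
  openssl genrsa -out "$1/rsa.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$1/rsa.key" -subj "/CN=cam-rsa" -days 1 -out "$1/rsa.crt"
}

# Demo: classify the fixtures and create a replacement CSR for the ECDSA one.
if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d)
  make_demo_certs "$d"
  for c in "$d"/*.crt; do echo "$c: $(cert_key_algorithm "$c")"; done
  make_rsa_csr "$d" cam-ec && echo "RSA CSR written to $d/cam-ec.csr"
fi
```

Run with `--demo` to classify the constructed fixtures; for a real inventory, call `fetch_camera_cert` per camera and feed each PEM to `cert_key_algorithm`.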
CVE description: An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF).
- Problem Type:
- CVSS Vector String: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- Base Score: 4.2 (Medium)
Remark
Vulnerability classification has been performed using the CVSS v3.1 scoring system. The CVSS environmental score is specific to each customer's environment and should be defined by the customer to attain a final scoring.
Additional Resources
Please contact the Bosch PSIRT if you have feedback, comments, or additional information about this vulnerability at: psirt@bosch.com.
Revision History
- 03 Mar 2021: Initial Publication