In a statement last Friday, BLACK HAT ASIA Arm said that a successful side attack on one of its Cortex-M systems with TrustZone enabled was "not a failure of the protection offered by the architecture."

"The Security Extensions for the Armv8-M architecture do not claim to protect against side-channel attacks due to control flow or memory access patterns. Indeed, such attacks are not specific to the Armv8-M architecture; they may apply to any code with secret-dependent control flow or memory access patterns," argued Arm.

Arm released the statement following a presentation titled "Hand Me Your Secret, MCU! " at the Black Hat Asia infosec conference last week. Microarchitectural Timing Attacks on Microcontrollers are Practical" - claimed that side-channel attacks are possible on the microcontrollers made by the chip design company.

Researchers from Portugal's Universidade do Minho (UdM) were successful in demonstrating that MCUs were vulnerable to similar attacks. Their findings were based on the 2018 discovery of Spectre and Meltdown, the Intel CPU architecture vulnerabilities that opened Pandora's box of microarchitecture transient state side attacks.

Historically, servers, PCs, and mobile devices were the principal targets of microarchitectural attacks. Due to the systems' simplicity, microcontrollers (MCUs) like Arm's Cortex-M were considered an unlikely target. However, a successful assault would have serious repercussions because MCUs are included in almost all IoT devices, as UdM researchers Sandro Pinto and Cristiano Rodrigues explained at Black Hat Asia last Friday.

The researchers are calling their discovery the first microarchitectural side-channel attack for MCUs. A side-channel attack is a strategy that gets through CPU memory isolation protections by recovering or stealing knowledge about a system through observation.

The researchers described that the attacks take advantage of the timing differences exposed through the bus interconnect arbitration logic. The bus interconnect cannot support two transactions to access a value in memory issued simultaneously by two bus masters within the MCU, such as the CPU and Direct Memory Access (DMA) block. It delays the other while giving one priority.

The researchers applied this logic in an effort to analyze how much the victim application was delayed, and thus infer the secret PIN. The procedure was automated by running the spy logic independently of the CPU in the background using the peripherals.

For MCU CPUs and bus interconnect designs, Arm has a significant market share. The chipmaker claims that its TrustZone-M technology, when combined with other safeguards, provides tamper-proof security for the entire MCU, including defense against side attacks. Arm wants to at the very least render such attacks "uneconomical."