Pitfalls for Security Isolation in Multi-CPU Systems
Simeon Hoffmann
Network and Distributed System Security (NDSS) Symposium 2026 · Day 2 · Systems Security
As IoT devices demand more computational power without increasing power consumption, manufacturers have turned to **multi-CPU architectures** -- multiple processors on a single chip, each running independent firmware. This talk presents the first systematic security assessment of these multi-CPU embedded systems, revealing that the assumed security boundary between CPUs is largely illusory. The researchers identified **four attack vectors** across memory, bus, peripheral, and CPU communication domains, and found that **more than half of the top 10 MCU manufacturers' multi-CPU device families are vulnerable**.
AI review
A systematic teardown of security isolation in multi-CPU embedded systems that reveals more than half of major MCU manufacturers' device families are vulnerable. The Galaxy Ring exploit demonstrating kernel-mode data leakage from the network core is a compelling real-world validation. The confused deputy peripheral attack using DMA as a cross-CPU memory access proxy is elegant. The vendor blame-shifting disclosure story is a masterclass in the dysfunction of IoT security responsibility.