A new class of microarchitectural side-channel attacks affecting Microcontrollers.

About BUSted

BUSted is a novel class of microarchitectural side-channel attacks that exploit timing differences in the arbitration logic of microcontrollers (MCUs) bus interconnect. It can bypass all security protections, including memory protection units (MPUs) and TrustZone, and steal secrets in real-time. Unlike other side-channel attacks, BUSted does not rely on complex microarchitectural components such as caches or branch predictors. It is effective even in very restrictive setups – single-core MCUs with interrupts disabled, and running applications operating over ephemeral secrets. The spy logic of BUSted is implemented through hardware gadgets – groups of interconnect peripherals that operate autonomously, obviating CPU intervention. By targeting a ubiquitous microarchitectural component found in all MCUs, BUSted poses a substantial security hazard to the entire range of MCUs, including Armv6-M, Armv7-M, Armv8-M, RISC-V, PIC, and AVR

Media Hits


Security Concerns ?

We are here to put your mind at ease.

Our team provides guidance on the security challenges presented by the BUSted attack, offering strategic advice to help you understand and mitigate the risks associated with BUSted.
We offer training courses designed to equip you with the skills and knowledge required to understand, replicate, and defend against the BUSted attack.

Our highly skilled team conducts comprehensive security assessments and penetration tests specifically focused on identifying vulnerabilities related to the BUSted attack.

Talk With Us

The Wizards


Cristiano Rodrigues


Daniel Oliveira


Sandro Pinto