This is why hardware key management is so important. In this case the processor contains hardware cryptographic engines yet no dedicated key storage or tamper protection. This means that keys have to be stored in internal Flash or RAM which opens up vulnerabilities allowing keys to be extracted.
A proper secure processor implements dedicated key storage memory combined with active tamper detection. If a tamper event is detected by the processors security sub-system; then the key storage area will be actively cleared preventing key extraction. Examples of these processors include the Maxim USIP, Freescale i.MX258 or the Broadcom BCM5982.
The analysis performed here validates how much implementation matters when designing a secure system.