Communication interfaces
Serial interfaces (such as SPI, I2C or USART) are used either by the bootloader or by applications to exchange
data and/or commands with the device. Intercepting a communication allows an attacker to use the
interface as a device entry point. The firmware protocol can also be prone to bugs (such as overflows).
• Risk: Access to device content
• Countermeasures:
– Make physical bus hard to reach on board.
– Isolate software communication stacks to prevent them from accessing critical data and operations.
– Use cryptography for data exchange.
– Disable interface (I/F) ports when not needed.
– Check inputs carefully.
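As an added illustration of the last two countermeasures (check inputs carefully; a firmware protocol prone to overflows), the following receiver for a constructed serial frame format validates every wire-supplied length against the receiver's own buffer before anything is copied. The frame layout, the names and the XOR checksum are assumptions for this example, not an ST protocol or code from the application note.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed frame layout (an assumption for this example, not an ST protocol):
 *   [SOF 0xA5][LEN][CMD][LEN payload bytes][CSUM]
 * LEN counts payload bytes only; CSUM is the XOR of LEN, CMD and the payload. */
#define FRAME_SOF     0xA5u
#define FRAME_HDR     3u      /* SOF + LEN + CMD */
#define MAX_PAYLOAD   16u     /* size of the receiver's fixed payload buffer */

typedef struct {
    uint8_t cmd;
    uint8_t len;
    uint8_t payload[MAX_PAYLOAD];
} frame_t;

typedef enum {
    FRAME_OK = 0,
    FRAME_NEED_MORE,   /* not enough bytes yet; caller keeps receiving */
    FRAME_BAD_SOF,     /* resync: drop one byte and retry */
    FRAME_TOO_LONG,    /* LEN exceeds MAX_PAYLOAD: rejected before any copy */
    FRAME_BAD_CSUM
} frame_status_t;

/* Parse one frame from rx[0..n). Every wire-supplied value is validated against
 * the receiver's own limits before it is used as a size or index; the output
 * buffer is written only after the whole frame has been checked. */
frame_status_t parse_frame(const uint8_t *rx, size_t n, frame_t *out)
{
    if (n < FRAME_HDR) return FRAME_NEED_MORE;
    if (rx[0] != FRAME_SOF) return FRAME_BAD_SOF;

    uint8_t len = rx[1];
    if (len > MAX_PAYLOAD) return FRAME_TOO_LONG;   /* the bound an unchecked memcpy lacks */

    size_t total = FRAME_HDR + (size_t)len + 1u;     /* + CSUM byte */
    if (n < total) return FRAME_NEED_MORE;

    uint8_t csum = 0;
    for (size_t i = 1; i < total - 1u; i++) csum ^= rx[i];
    if (csum != rx[total - 1u]) return FRAME_BAD_CSUM;

    out->cmd = rx[2];
    out->len = len;
    memcpy(out->payload, rx + FRAME_HDR, len);        /* len <= MAX_PAYLOAD is guaranteed */
    return FRAME_OK;
}
```

The oversized-length check runs before the "need more bytes" check, so a malformed LEN is rejected as soon as the header arrives rather than being trusted later as a copy size.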
Debug port
The debug port provides access to the full content of the device: core and peripheral registers, flash memory and
SRAM content. Since it is used for application development, it may be tempting to keep it alive to investigate future bugs.
This is the first breach tried by an attacker with physical access to the device.
• Risk: full access to the device
• Countermeasure: Disable device debug capabilities (see Section 6.2 Readout protection (RDP)).
External peripheral access
An IoT device controls sensors and actuators depending on the global application. An attacker can divert the
system by modifying data coming from sensors or by shunting output data going to actuators.
• Risk: incorrect system behavior.
• Countermeasure: anti-tamper to detect system intrusion at board level
Sensitive firmware and data
Some parts of the firmware need special protection: for example the cryptographic algorithm or a third-party
library. In addition, selected data may need enhanced protection if they are considered valuable assets
(cryptographic keys).
The internal memory content must be protected against external accesses (such as through communication interfaces)
and internal accesses (other software processes). The memory attributes and the firewall are the main protections
for process and data isolation.
• Risks: sensitive firmware copy or data theft
• Countermeasures:
– execute-only access right (XO)
– firewall
– memory protection unit
– secure area
– encryption of external memory
AN5156
List of attack targets
AN5156 - Rev 8
page 14/56