MID-052: Physically Protect Circuit Board Traces and Chip Pins
Mitigation Tier: Foundational
Description
Data bus interception, chip readout, and other physical circuit board manipulation can be made more difficult through mechanical and design changes, such as moving bus traces to internal board layers, eliminating test headers, removing the silkscreen layer, choosing chip packages without exposed pins (e.g., BGA), placing epoxy over chips and traces, etc.
All of these mitigations hide board pins and traces, thereby making it more difficult for the threat actor to read data going to/from the chip without removing the chips themselves and altering the board, potentially damaging it beyond repair. Therefore, these mitigations increase the cost and difficulty for threat actors attempting to access information from the physical device.
Limitations: This mitigation increases the level of effort required to successfully exploit this threat but is not a full solution. Skilled and well-resourced adversaries may be slowed but not deterred. This approach may be useful when stronger mitigations such as bus encryption are not feasible. Additionally, these techniques can make the system more difficult to debug during development and during failure analysis of defective units.
IEC 62443 4-2 Mappings
- EDR / HDR / NDR 3.11 - Physical tamper resistance and detection
References
[1] Royal Circuit Solutions. “Hack-Attack — PCB Design Ideas to Foil Potential Hackers.” royalcircuits.com. Accessed: Aug. 28, 2024. [Online]. Available: https://www.royalcircuits.com/2019/11/22/hack-attack-pcb-design-ideas-to-foil-potential-hackers/