TID-115: Firmware/Data Extraction via Hardware Interface
Threat Description
Unprotected programming or debugging interfaces may be used to extract device firmware, exposing it to reverse engineering that may reveal proprietary information, other exploitable vulnerabilities, or security-sensitive data stored in the firmware (such as keys and passwords). Examples include the Joint Test Action Group (JTAG) interface.
Threat Maturity and Evidence
Proof of Concept
Extracting firmware from devices using JTAG
In the article above, researcher Sergio Prado demonstrates how to use the JTAG interface to extract firmware from a device.
CWE
CWE-1299: Missing Protection Mechanism for Alternate Hardware Interface
“The lack of protections on alternate paths to access control-protected assets (such as unprotected shadow registers and other external facing unguarded interfaces) allows an attacker to bypass existing protections to the asset that are only performed against the primary path.”
CWE-1191: On-Chip Debug and Test Interface With Improper Access Control
“The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.”