TID-119: Latent Hardware Debug Port Allows Memory/Code Manipulation
Threat Description
Hardware debugging ports (e.g., JTAG) often have high privileges or direct access to the running device’s memory and integrated hardware. By leveraging one of these ports, an adversary may be able to read memory values from the device, change the value of a section of memory at runtime, or control the execution of code on the processor. This can give threat actors increased privileges on the device or allow them to bypass other security protections.
Threat Maturity and Evidence
Proof of Concept
hw-101-jtag (Parts 1, 2 and 3)
In this series, researchers at River Loop Security demonstrate how to read and manipulate memory through a JTAG port.
CWE
CWE-1191: On-Chip Debug and Test Interface With Improper Access Control
“The chip does not implement or does not correctly perform access control to check whether users are authorized to access internal registers and test modes through the physical debug/test interface.”