JTAG, Serial and USB Testing
Embedded systems come with various interfaces for interacting with their users. Some interfaces, however, are not meant for end users at all: they are used during development or to service systems in the field. In many cases, fully removing these interfaces from production units is not feasible from a business perspective. For an attacker, these interfaces often provide the first stepping stone towards full control over the product.
Typical examples we encounter are JTAG and serial (UART) ports. Other interfaces that may be exposed are USB, I2C and CAN. Security testing examines whether these interfaces can be used to gain control over the product and to extract secrets from the firmware or the CPU.
Interfaces are tested at both the hardware and the logical level. Some interfaces first require reverse engineering of the PCB layout or the chip pinout, which is done with tools such as a logic analyzer and techniques such as continuity and impedance measurements to identify candidate pins. Logical attacks are then mounted in combination with firmware reverse engineering, to understand how input received over the interface is parsed and where that parsing can be abused. In some cases, side-channel timing attacks can be used to discover the password that unlocks an interface: if the firmware compares the supplied password byte by byte and rejects it at the first mismatch, the response time reveals how many leading bytes were correct, and the password can be recovered one byte at a time instead of by brute force.
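As an added illustration of the timing attack described above (example code written for this page, not a tool or finding from the original), the following C program models an unlock routine with an early-exit password comparison next to a constant-time one, and shows how the attacker-side loop recovers the password byte by byte from the leak. The password "s3cr3t!" is constructed for the example, and the global comparison counter stands in for the response time that would be measured on real hardware with an oscilloscope or a timestamped logic-analyzer capture of the UART traffic.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed unlock password; stands in for one stored in firmware. */
static const char SECRET[] = "s3cr3t!";
#define PW_LEN (sizeof(SECRET) - 1)

/* Model of the timing side channel: number of byte comparisons performed
 * by the last check. On a real target this is the measured response time. */
static unsigned long g_compares;

/* Number of unlock attempts sent by the attacker loop below. */
static unsigned long g_queries;

/* Vulnerable check: returns at the first mismatching byte, so the time
 * taken reveals how many leading bytes of the guess were correct. */
int check_unlock_early_exit(const char *guess)
{
    for (size_t i = 0; i < PW_LEN; i++) {
        g_compares++;
        if (guess[i] != SECRET[i])
            return 0;
    }
    return 1;
}

/* Hardened check: always touches every byte and never branches on
 * secret-dependent data, so every attempt takes the same time. */
int check_unlock_const_time(const char *guess)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < PW_LEN; i++) {
        g_compares++;
        diff |= (uint8_t)guess[i] ^ (uint8_t)SECRET[i];
    }
    return diff == 0;
}

/* Attacker side: for each position, keep the printable-ASCII candidate that
 * makes the check run longest. Returns 1 if the password was recovered into
 * out, 0 otherwise (e.g. when the check leaks nothing). */
int recover_password(int (*check)(const char *), char *out, size_t out_len)
{
    if (out_len < PW_LEN + 1)
        return 0;
    memset(out, 'a', PW_LEN);      /* placeholder guess for unknown bytes */
    out[PW_LEN] = '\0';
    g_queries = 0;
    for (size_t pos = 0; pos < PW_LEN; pos++) {
        int best_c = 0x20;
        unsigned long best_t = 0;
        for (int c = 0x20; c < 0x7f; c++) {
            out[pos] = (char)c;
            g_compares = 0;
            g_queries++;
            if (check(out))        /* full match: done */
                return 1;
            if (g_compares > best_t) {
                best_t = g_compares;
                best_c = c;
            }
        }
        out[pos] = (char)best_c;
    }
    g_compares = 0;
    g_queries++;
    return check(out);
}

int main(void)
{
    char buf[PW_LEN + 1];
    int ok = recover_password(check_unlock_early_exit, buf, sizeof buf);
    printf("early-exit check: recovered=%d password=\"%s\" queries=%lu\n",
           ok, buf, g_queries);
    ok = recover_password(check_unlock_const_time, buf, sizeof buf);
    printf("constant-time check: recovered=%d queries=%lu\n", ok, g_queries);
    return 0;
}
```

Against the early-exit check the loop needs at most 95 attempts per byte (a few hundred in total) rather than 95^7 for a blind brute force; against the constant-time check every attempt takes the same time and the recovery fails. On real hardware the measurement is noisy, so each candidate is typically sent several times and the timings averaged before picking the longest.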