CWE-1324 – Sensitive Information Accessible by Physical Probing of JTAG Interface

Description

Sensitive information in clear text on the JTAG interface may be examined by an eavesdropper, e.g., by placing a probe device such as a logic analyzer on the interface, or by using a corresponding software technique.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-300

Consequences

Confidentiality: Read Memory, Read Files or Directories, Read Application Data

Potential Mitigations

Phase: Manufacturing

Effectiveness: High

Description: Permanently disable the JTAG interface before releasing the system to untrusted users.

Phase: Architecture and Design

Effectiveness: High

Description: Encrypt all information (traffic) on the JTAG interface using an approved algorithm (such as one recommended by NIST). Encrypt the path from inside the chip to the trusted user application.

Phase: Implementation

Effectiveness: High

Description: Block access to secret data from JTAG.
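
The Manufacturing and Implementation mitigations above can be modelled as a single access decision. The following C sketch is an added example, not part of the CWE entry; the function names, the `jtag_fused_off` flag and the secret address ranges are assumptions, and on real silicon this check lives in the debug-port hardware rather than in software.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Address range [base, base + size) that holds secret data. */
typedef struct { uint32_t base; uint32_t size; } region_t;

/* Constructed sample map; real ranges come from the SoC memory map. */
static const region_t secret_regions[] = {
    { 0x10000000u, 0x00000400u },   /* hypothetical key storage */
    { 0x2000F000u, 0x00001000u },   /* hypothetical secure RAM  */
};

/* True if [addr, addr + len) overlaps r. 64-bit ends avoid wraparound. */
static bool overlaps(uint32_t addr, uint32_t len, const region_t *r)
{
    uint64_t req_end = (uint64_t)addr + len;
    uint64_t reg_end = (uint64_t)r->base + r->size;
    return (uint64_t)addr < reg_end && (uint64_t)r->base < req_end;
}

/* Decide whether a JTAG-initiated read of len bytes at addr may proceed.
 * jtag_fused_off models the permanent manufacturing-time disable. */
bool jtag_read_allowed(bool jtag_fused_off, uint32_t addr, uint32_t len)
{
    if (jtag_fused_off)
        return false;                       /* interface is dead: deny all */
    if (len == 0 || (uint64_t)addr + len > 0x100000000ull)
        return false;                       /* empty or wrapping request   */
    for (size_t i = 0; i < sizeof secret_regions / sizeof secret_regions[0]; i++)
        if (overlaps(addr, len, &secret_regions[i]))
            return false;                   /* touches secret data         */
    return true;
}
```

The filter denies a request that merely straddles a secret region's boundary, which a check on the start address alone would let through.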

CVE References