Leaving Your Things Unattended is No Joke! Memory Bus Snooping and Open Debug Interface Exploits

TL;DR

This paper demonstrates how attackers can exploit open debug interfaces and exposed memory buses in IoT devices using simple tools and minimal time, highlighting security vulnerabilities in widely used connected devices.

Contribution

It provides practical case studies showing non-invasive physical attack methods on IoT devices through debug interfaces and memory buses, emphasizing ease of exploitation.

Findings

Attackers can exploit debug interfaces with minimal expertise.

Memory bus snooping can be performed using inexpensive equipment.

Attacks can be completed within 8 to 25 minutes.

Abstract

Internet of Things devices are widely adopted by the general population. People today are more connected than ever before. The widespread use and low-cost driven construction of these devices in a competitive marketplace render Internet-connected devices an easier and attractive target for malicious actors. This paper demonstrates non-invasive physical attacks against IoT devices in two case studies in a tutorial style format. The study focuses on demonstrating the: i)exploitation of debug interfaces, often left open after manufacture; and ii)the exploitation of exposed memory buses. We illustrate a person could commit such attacks with entry-level knowledge, inexpensive equipment, and limited time (in 8 to 25 minutes).