Leaving Your Things Unattended is No Joke! Memory Bus Snooping and Open Debug Interface Exploits

Internet of Things devices are widely adopted by the general population. People today are more connected than ever before. The widespread use and low-cost driven construction of these devices in a competitive marketplace render Internet-connected devices an easier and attractive target for malicious actors. This paper demonstrates non-invasive physical attacks against IoT devices in two case studies in a tutorial style format. The study focuses on demonstrating the: i)exploitation of debug interfaces, often left open after manufacture; and ii)the exploitation of exposed memory buses. We illustrate a person could commit such attacks with entry-level knowledge, inexpensive equipment, and limited time (in 8 to 25 minutes).
Comment: Published in IEEE PerCom Workshops 2022,978-1-6654-1647-4/22/$31.00 pp.643-648 Copyright 2022 IEEE