Whiteboard Wednesday:

Staying Protected with Hardware Security Concepts

January 16, 2019

In this week’s Whiteboard Wednesday, Deral Heiland, Research Lead for IoT Technology, explains how to make sure the flash memory inside your processors is protected against read-out attacks. Learn the hardware security concepts that limit access to your processors, and to the intellectual property stored on them, through entry points such as GPIO, SPI and JTAG.


Video Transcript

Welcome to this week's Whiteboard Wednesday. My name's Deral Heiland, Research Lead for IoT Technology here at Rapid7.

Today, we're going to be talking about hardware security concepts. What I'm going to be dealing with here is a couple of key pieces. One is dealing with: How do we protect flash memory in processors? Also, we're going to be talking about: How do we protect access into that processor and the flash memory from various other entry points?

The way we do this is often ... not often, actually, always ... this technology has the capability inside processors, CPUs and MCUs to actually protect the onboard flash memory. The way this is done is basically with no-read-back bits being set on the technology.

What does that mean? What it means is these devices can actually have a bit set on them so that the attacker cannot get access to the flash memory. He may be able to write to it, but he will not be able to read it back.

Why do I mention this? The reason I do is because a number of times during testing we encounter devices where these bits are not actually properly set. Now, most vendors want to protect their intellectual property that's actually stored on these devices, so they need to leverage the technology the way it was meant to be leveraged. Turn on the no-read-back bits so that an attacker cannot read the memory out of the flash. Step one.

The other one is: How can we gain access via JTAG, SPI or various other configurations on this device? It's fairly simple most of the time, unless the manufacturer decides to properly deploy the technology the way it was meant. The way they do that is, we can often disable JTAG or SPI via settings within the actual chip. If not, we can often make it difficult to gain access on the actual circuit board by cutting runs, removing capacitors or resistors. Often this technology utilizes GPIOs for actually configuring JTAG, UART and SPI connections into the chip.

Before the technology's deployed, let's take advantage of the ability to disable the functionality prior to actually deploying the technology. Also, make sure that the no-read-back bit is set so that we cannot easily pull your firmware out of your device.

That's it for this week's Whiteboard Wednesday. We'll talk to you next week. Thank you.
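The "no read-back" bits the video talks about are concrete option bytes or lock bits on each microcontroller, and a test engineer or a build pipeline can decode them to confirm the protection is actually on. The following is an added example, not code from the video or from Rapid7: it decodes the readout-protection (RDP) byte carried in an STM32F4-style FLASH_OPTCR word and the lock byte of an ATmega328P-style AVR, and applies a simple policy (read-back must be blocked; optionally, protection must be permanent). The register and bit encodings are the documented ones for those two families; the sample register values are constructed, not dumped from a board, and you should confirm the field layout against the reference manual of the exact part you ship.

```python
"""
Decode MCU readout-protection settings and check them against a
"no read-back" policy.  Added example, not Rapid7's code.  Encodings are
those documented for the STM32F4 FLASH_OPTCR register and the ATmega328P
lock byte; sample values below are constructed, not captured from hardware.
"""
from dataclasses import dataclass

# STM32F4 FLASH_OPTCR (0x40023C14): the RDP option byte lives in bits 15:8.
STM32F4_OPTCR_RDP_SHIFT = 8
STM32F4_OPTCR_RDP_MASK = 0xFF


def stm32_rdp_level(rdp_byte: int) -> int:
    """0xAA = level 0 (no protection), 0xCC = level 2 (permanent, JTAG/SWD
    disabled), any other value = level 1 (flash unreadable over debug)."""
    if rdp_byte == 0xAA:
        return 0
    if rdp_byte == 0xCC:
        return 2
    return 1


@dataclass
class Stm32Readout:
    level: int
    debug_readable: bool      # can a JTAG/SWD probe read flash contents?
    recoverable: bool         # can the level be dropped again (after mass erase)?
    debug_port_enabled: bool  # is JTAG/SWD still reachable at all?


def decode_stm32f4_optcr(optcr: int) -> Stm32Readout:
    """Extract the RDP byte from a FLASH_OPTCR word and describe what it means."""
    rdp = (optcr >> STM32F4_OPTCR_RDP_SHIFT) & STM32F4_OPTCR_RDP_MASK
    level = stm32_rdp_level(rdp)
    return Stm32Readout(
        level=level,
        debug_readable=(level == 0),
        # Level 1 can be regressed to level 0, which mass-erases flash first:
        # an attacker can still write/erase, but not read (the video's point).
        # Level 2 is irreversible and removes the debug port entirely.
        recoverable=(level == 1),
        debug_port_enabled=(level < 2),
    )


def decode_avr_lock_byte(lock: int) -> dict:
    """ATmega328P lock byte, bits 1:0 = LB2:LB1.
    11 = no lock, 10 = further programming disabled,
    00 = programming and verification (read-back) disabled."""
    lb = lock & 0x03
    return {
        "programming_disabled": lb != 0b11,
        "readback_possible": lb != 0b00,
    }


def stm32_meets_policy(optcr: int, require_permanent: bool = False) -> bool:
    """Policy: flash must not be readable over debug; optionally require RDP2."""
    r = decode_stm32f4_optcr(optcr)
    return r.level == 2 if require_permanent else r.level >= 1


def avr_meets_policy(lock: int) -> bool:
    """Policy: the ISP/parallel programmer must not be able to read flash back."""
    return not decode_avr_lock_byte(lock)["readback_possible"]


def audit(boards: dict) -> list:
    """Return the names of boards whose constructed settings fail the policy."""
    failures = []
    for name, (family, value) in boards.items():
        ok = stm32_meets_policy(value) if family == "stm32f4" else avr_meets_policy(value)
        if not ok:
            failures.append(name)
    return failures


# Constructed sample settings (assumption: values read by a debug probe or
# programmer; 0x0FFFAAED is the documented STM32F4 reset value of FLASH_OPTCR).
SAMPLE_BOARDS = {
    "gateway-rev-a": ("stm32f4", 0x0FFFAAED),  # RDP level 0: firmware readable
    "gateway-rev-b": ("stm32f4", 0x0FFF00ED),  # RDP level 1: unreadable, reversible
    "gateway-rev-c": ("stm32f4", 0x0FFFCCED),  # RDP level 2: permanent, no debug
    "sensor-node":   ("avr",     0xFF),        # lock byte unprogrammed: readable
    "sensor-node-2": ("avr",     0xFC),        # LB1+LB2 programmed: no read-back
}

if __name__ == "__main__":
    for name in audit(SAMPLE_BOARDS):
        print(f"FAIL: {name} allows flash read-back")
```

Running the script lists the boards that ship with read-back still possible. The distinction between level 1 and level 2 on the STM32 side is the caveat worth carrying into a design review: level 1 stops a probe from reading flash but leaves JTAG/SWD attached and can be undone by a mass erase, while level 2 disables the debug port for good and cannot be reversed, so it must be set only after the final firmware and a field-update path are in place.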
