CAPEC-702

Detailed Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Draft MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: Low Severity: Medium
Exploiting Incorrect Chaining or Granularity of Hardware Debug Components

Description

An adversary exploits incorrect chaining or granularity of hardware debug components in order to gain unauthorized access to debug functionality on a chip. This happens when authorization is not checked on a per function basis and is assumed for a chain or group of debug functionality.

Prerequisites

Hardware device has an exposed debug interface

Mitigations

Implement: Ensure that debug components are properly chained, and their granularity is maintained at different authorization levels

Perform Post-silicon validation tests at various authorization levels to ensure that debug components are only accessible to authorized users

Skills Required

[Medium] Ability to identify physical debug interfaces on a device

[Medium] Ability to operate devices to scan and connect to an exposed debug interface