Leaving Your Things Unattended is No Joke! Memory Bus Snooping and Open Debug Interface Exploits
This work highlights critical security vulnerabilities in widely used IoT devices, posing risks to general consumers and manufacturers.
The paper demonstrates non-invasive physical attacks on IoT devices by exploiting open debug interfaces and exposed memory buses, showing that such attacks can be performed with entry-level knowledge and inexpensive equipment in 8 to 25 minutes.
Internet of Things devices are widely adopted by the general population. People today are more connected than ever before. The widespread use and low-cost driven construction of these devices in a competitive marketplace render Internet-connected devices an easier and attractive target for malicious actors. This paper demonstrates non-invasive physical attacks against IoT devices in two case studies in a tutorial style format. The study focuses on demonstrating the: i)exploitation of debug interfaces, often left open after manufacture; and ii)the exploitation of exposed memory buses. We illustrate a person could commit such attacks with entry-level knowledge, inexpensive equipment, and limited time (in 8 to 25 minutes).