An adversary exploits incorrect chaining or granularity of hardware debug components in order to gain unauthorized access to debug functionality on a chip. This happens when authorization is not checked on a per-function basis and is instead assumed for a whole chain or group of debug functionality.
[Find and scan debug interface] The adversary must first find and scan a debug interface to determine what they are authorized to use and what devices are chained to that interface.
[Connect to debug interface] The adversary next connects a device to the JTAG interface using the properties found in the explore phase so that they can send commands. The adversary sends some test commands to make sure the connection is working.
[Move along debug chain] Once the adversary has connected to the main TAP, or JTAG interface, they will move along the TAP chain to see what debug interfaces might be available on that chain.
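The granularity gap described above can be checked at design review by comparing a chain-level authorization policy against a per-function one. The following model is an added example, not part of the CAPEC entry; the TAP names, debug function names and authorization levels are hypothetical, and the sample chain is constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical authorization levels a debugger can present. */
enum auth { AUTH_NONE = 0, AUTH_USER = 1, AUTH_VENDOR = 2 };

/* One debug function exposed by a TAP, with the level it should require. */
struct dbg_fn { const char *name; enum auth required; };

/* One TAP on the chain; chain_gate is the level checked when the TAP is selected. */
struct tap { const char *name; enum auth chain_gate; const struct dbg_fn *fns; size_t nfns; };

/* Flawed policy: authorization is assumed for the whole TAP once its gate is passed. */
static int allowed_chain_level(const struct tap *t, size_t fn, enum auth presented) {
    (void)fn; /* the individual function is never consulted */
    return presented >= t->chain_gate;
}

/* Corrected policy: the gate and the individual function are both checked. */
static int allowed_per_function(const struct tap *t, size_t fn, enum auth presented) {
    return presented >= t->chain_gate && presented >= t->fns[fn].required;
}

/* Audit: count functions granted by the flawed policy but denied by the corrected one. */
static size_t count_granularity_gaps(const struct tap *chain, size_t ntaps, enum auth presented) {
    size_t gaps = 0;
    for (size_t i = 0; i < ntaps; i++)
        for (size_t f = 0; f < chain[i].nfns; f++)
            if (allowed_chain_level(&chain[i], f, presented) &&
                !allowed_per_function(&chain[i], f, presented)) {
                printf("gap: %s/%s requires level %d, granted at level %d\n", chain[i].name,
                       chain[i].fns[f].name, (int)chain[i].fns[f].required, (int)presented);
                gaps++;
            }
    return gaps;
}

/* Constructed sample chain: a main TAP followed by a core TAP. */
static const struct dbg_fn main_fns[] = { {"idcode", AUTH_NONE}, {"boundary_scan", AUTH_USER} };
static const struct dbg_fn core_fns[] = { {"halt_core", AUTH_USER}, {"read_fuses", AUTH_VENDOR},
                                          {"write_memory", AUTH_VENDOR} };
static const struct tap sample_chain[] = {
    { "main_tap", AUTH_NONE, main_fns, 2 },
    { "core_tap", AUTH_USER, core_fns, 3 },
};

int main(void) {
    size_t gaps = count_granularity_gaps(sample_chain, 2, AUTH_USER);
    printf("%zu function(s) over-exposed at AUTH_USER\n", gaps);
    return gaps != 0; /* non-zero exit fails a design-review check */
}
```

Any reported gap marks a debug function whose required authorization is stricter than the gate of the TAP that exposes it, which is where a per-function check is needed.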
Weakness Name | |
---|---|
Incorrect Chaining or Granularity of Debug Components | The product's debug components contain incorrect chaining or granularity of debug components. |
Name | Organization | Date | Date Release |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation |