
How to prevent rogue application from using modem security tags

I'm wondering about a scenario where an attacker has physical access, and manages to program their custom application into our device. They could use our stored credentials to authenticate the device, as there doesn't appear to be a mechanism to prevent this.

Is there a way to prevent this? Can the modem firmware validate the application firmware before granting access to the security tags? Is there some mechanism in place that I'm not aware of that prevents this scenario?

Regards,

Josh

  • Hi!

    So, first of all, we have security features to protect against an attacker getting physical access to a device and overwriting the FW (see APPROTECT, ERASEPROTECT, and SECUREAPPROTECT in Enabling device protection).

    But assuming that an attacker is able to overwrite the FW, the application can't actually read out any "secrets" from the modem. It can ask to use the credentials stored in a security tag, so the application has to know which sec_tag to use. 

    Perhaps the immutable bootloader can do some validation and then disable ERASEALL manually to ensure the bootloader isn't overwritten.

    Let me ask around if there is any such protection mechanism I am not aware of.

    Best regards,

    Heidi

  • Hi!

    So, it doesn't look like we have any specific protection mechanism for the case you're describing, where an attacker has physical access to a device and can overwrite the application FW. The reason for this is simply because if APPROTECT is enabled, it blocks read/write access to all CPU registers and memory-mapped addresses, so overwriting the application FW is not possible. 

    An attacker could try FOTA or DFU over serial, but in that case, the custom MCU boot signing key will prevent an attacker from flashing an arbitrary firmware. 

    Please let me know if there's anything more I can answer for you.

    Best regards,

    Heidi

  • Is setting APPROTECT alone sufficient, or do you need to also set ERASEPROTECT and SECUREAPPROTECT?

    It seems like you probably need to set all three, right?
