
How to prevent rogue application from using modem security tags

I'm wondering about a scenario where an attacker has physical access, and manages to program their custom application into our device. They could use our stored credentials to authenticate the device, as there doesn't appear to be a mechanism to prevent this.

Is there a way to prevent this? Can the modem firmware validate the application firmware before granting access to the security tags? Is there some mechanism in place that I'm not aware of that prevents this scenario?

Regards,

Josh

  • Hi!

    So, it doesn't look like we have any specific protection mechanism for the case you're describing, where an attacker has physical access to a device and can overwrite the application FW. The reason for this is simply because if APPROTECT is enabled, it blocks read/write access to all CPU registers and memory-mapped addresses, so overwriting the application FW is not possible. 

    An attacker could try FOTA or DFU over serial, but in that case, the custom MCU boot signing key will prevent an attacker from flashing an arbitrary firmware. 

    Please let me know if there's anything more I can answer for you.

    Best regards,

    Heidi
