This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

How to prevent rogue application from using modem security tags

I'm wondering about a scenario where an attacker has physical access, and manages to program their custom application into our device. They could use our stored credentials to authenticate the device, as there doesn't appear to be a mechanism to prevent this.

Is there a way to prevent this? Can the modem firmware validate the application firmware before granting access to the security tags? Is there some mechanism in place that I'm not aware of that prevents this scenario?

Regards,

Josh

Top Replies

Heidi over 4 years ago in reply to JVantol +1 verified

Yes, you should set all three.

Parents

0 Heidi over 4 years ago

Hi!

So, it doesn't look like we have any specific protection mechanism for the case you're describing, where an attacker has physical access to a device and can overwrite the application FW. The reason for this is simply because if APPROTECT is enabled, it blocks read/write access to all CPU registers and memory-mapped addresses, so overwriting the application FW is not possible.

An attacker could try FOTA or DFU over serial, but in that case, the custom MCU boot signing key will prevent an attacker from flashing an arbitrary firmware.

Please let me know if there's anything more I can answer for you.

Best regards,

Heidi
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 JVantol over 4 years ago in reply to Heidi

Is setting APPROTECT alone sufficient, or do you need to also set ERASEPROTECT and SECUREAPPPROTECT?

It seems like you probably need to set all three, right?
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
+1 Heidi over 4 years ago in reply to JVantol

Yes, you should set all three.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Reject Answer

Cancel

Reply

+1 Heidi over 4 years ago in reply to JVantol

Yes, you should set all three.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Reject Answer

Cancel

Children

No Data