JTAGing as a way for extracting passwords

Mankind is trying to improve everyday objects in order to facilitate our life. Attacks on consumer smart devices can allow an attacker to gain constant access to the victim’s network. This type of attack can be prevented by disabling – or more effectively – removing the JTAG ports completely from production devices, thereby minimising its attack surface.


This article will present one of the tasks by which confidential information, such as passwords can be extracted from a device’s memory if physical access to the device is acquired.

The target device is the universal remote control BroadLink RM Pro. This intelligent remote control can be used to control several household appliances via its application.

 

More.