Exposed UART Interfaces

High

Description

A UART interface is a hardware device (a physical circuit in the controller or a standalone IC) used for asynchronous serial communication. It translates data between serial and parallel form using a shift register. UART is the interface most commonly used in embedded devices. Communication takes place directly between two UARTs. The UART on the transmitting side takes the parallel data and converts it to serial form. It then transmits the data serially to the UART on the receiving side. The receiving UART takes in the serial data and converts it back to parallel form to pass it to the receiving side's controlling device. It communicates using two signal lines, RX (receiver) and TX (transmitter). The data from the TX pin on the transmitting UART is received at the RX pin on the receiving UART.

Attack Scenario

An attacker with hardware access to the device can connect to the exposed UART interface and may gain access to a root shell, or at least to a large amount of debugging information about the device firmware and services.

Mitigation

Remove the UART interface, or apply authentication and prevent the device from sending debug information over the UART interface.
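
One way to check the authentication part of this mitigation on Linux-based firmware, as an added example that is not part of the original entry. It assumes the device uses a BusyBox-style /etc/inittab (id:runlevels:action:process, where the id is the tty and an empty id means the system console); the sample file, the list of serial tty names and the function names are constructed for illustration.

```python
import re

# Constructed sample of a BusyBox-style /etc/inittab from an unpacked firmware image.
SAMPLE_INITTAB = """\
# constructed sample for illustration
::sysinit:/etc/init.d/rcS
ttyS0::respawn:/bin/sh
ttyS1::respawn:/sbin/getty -L ttyS1 115200 vt100
::askfirst:-/bin/ash --login
ttyS2::respawn:/sbin/getty -n -l /bin/sh -L ttyS2 115200
tty1::respawn:/bin/sh
"""

# Assumed set of serial tty names; "console" is included because it is usually the UART.
SERIAL_TTY = re.compile(r"^(ttyS|ttyAMA|ttyUSB|ttymxc|ttyPS)\d+$|^console$")
SHELLS = {"sh", "ash", "bash", "dash"}
GETTYS = {"getty", "agetty"}
SPAWN_ACTIONS = {"respawn", "askfirst", "once"}

def _basename(path):
    # A leading "-" in inittab marks a login shell; it is not part of the path.
    return path.lstrip("-").rsplit("/", 1)[-1]

def audit_inittab(text):
    """Return (line_no, tty, reason) for serial entries that skip authentication."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 3)
        if len(parts) != 4:
            continue
        tty, _runlevels, action, command = parts
        argv = command.split()
        if action not in SPAWN_ACTIONS or not argv:
            continue
        tty = tty or "console"  # empty id: process runs on the system console
        if not SERIAL_TTY.match(tty):
            continue
        prog = _basename(argv[0])
        if prog in SHELLS:
            findings.append((no, tty, "shell started without login"))
        elif prog in GETTYS:
            # getty -l PROG replaces /bin/login; a shell there skips authentication.
            for flag, value in zip(argv[1:], argv[2:]):
                if flag == "-l" and _basename(value) in SHELLS:
                    findings.append((no, tty, "getty runs a shell instead of login"))
    return findings
```

An empty result only means no serial entry starts a shell directly; it does not cover debug output sent over the UART by the bootloader or kernel.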

ID: 30002