External interfaces are typically a product's lifeline to the outside world. Such interfaces may be used for a number of purposes, including connecting to peripherals, field programming, or testing during product manufacturing. Typical interfaces include FireWire, USB, RS232, Ethernet, or JTAG IEEE 1149.1. Products often implement development or programming interfaces that are not meant for everyday consumer use, but can benefit an attacker immensely. Simply obfuscating these interfaces with proprietary connector types or hidden access doors or holes is not suitable, as they are easily discovered. While physical connections are the focus of this section, it is important to note that wireless interfaces also need to be secured, though that topic is beyond the scope of this article.
When an attacker gains access to an external interface, he or she will typically first probe the connections to determine their functionality (if it isn't obvious). This is achieved by monitoring the test points for any device-generated signals (using a multimeter, oscilloscope, or logic analyzer) and then manually toggling the state of the pins to induce a device response. Knowing the state of the pins can help an attacker make an educated guess on the type of interface the product is using.
Once the interface is known, it is trivial for an attacker to monitor the communications by using a dedicated protocol analyzer (e.g., CATC) or software-based tool, such as SnoopyPro for USB, SysInternals' PortMon for serial (RS232) and parallel port, and Ethereal for network protocols. One attack against a known protocol is to generate malformed or intentionally bad packets (using the traffic generation features of a protocol analyzer, for example) and observe the results. If the product does not properly handle errors or illegal packets, a failure may trigger an unintended operation that is useful to the attacker.
Figure 2 shows one example of a proprietary external interface on a hardware authenticator key fob. The test points on the first product (the five horizontal metal dots) are accessible by simply removing a small plastic sticker from the back of the device housing. The sticker can be replaced after attack, leaving no signs of tampering.
Figure 2 External interface on a hardware authenticator key fob.
xda-developers.com discovered an attack against an XDA device through its JTAG interface.  Although the XDA does not have an external interface specifically used in the attack, the unit simply had to be unscrewed and wires attached to the proper test points. The JTAG functionality was still enabled on the board and was used to read and write the internal Flash ROM.
Grand's "Security Analysis of the Palm Operating System and its Weaknesses Against Malicious Code Threats"  details an attack against devices running the Palm operating system, which transmits an obfuscated version of the system password over the serial port during a HotSync operation. The encoded password can be retrieved and decoded into its original ASCII form. Additionally, designed into early versions of Palm OS is an RS232-based "Palm Debugger," which provides source- and assembly-level debugging of Palm OS executables. This debugger can be accessed through the HotSync port using commercial tools and enable any user to view raw memory; reset the device; export specific databases; or install, delete, or execute applications.
Basically, use caution when connecting to the "outside world." If possible, encrypt or at least obfuscate traffic to increase attack difficulty. No secret or critical components should be able to be accessed through the external interface. Only publicly known information should be passed.
Removing external programming or test interfaces may increase complexity of manufacturing or field upgradeability at the expense of security. JTAG functionality should be removed from operational modes if at all possible. If an interface is simply disconnected from the device (by blowing fuses or cutting traces on the PCB during manufacturing, for example), an adversary could easily reconnect or repair the interface and launch an attack.