logo

Device Unlock Credential Sharing

Incomplete Base
Structure: Simple
Description

This vulnerability occurs when the secret keys or passwords required to unlock a device's hidden features are shared between multiple organizations, creating a chain of trust where sensitive access can be leaked.

Extended Description

Device unlocking typically activates hidden debug or manufacturer modes, such as the ability to dump full system memory or bypass hardware protections. These powerful features are locked in production and require special credentials to access, often needed by different companies in the supply chain for testing and troubleshooting. The security risk escalates when these unlock credentials must be shared between separate entities like the chip designer, the manufacturer (foundry), and assembly testers. Each company may have vastly different security policies and levels of secrecy, turning a single secret into multiple points of potential exposure and significantly increasing the chance of a damaging credential leak.
Common Consequences 1
Scope: ConfidentialityIntegrityAvailabilityAccess ControlAccountabilityAuthenticationAuthorizationNon-Repudiation

Impact: Modify MemoryRead MemoryModify Files or DirectoriesRead Files or DirectoriesModify Application DataExecute Unauthorized Code or CommandsGain Privileges or Assume IdentityBypass Protection Mechanism

Once unlock credentials are compromised, an attacker can use the credentials to unlock the device and gain unauthorized access to the hidden functionalities protected by those credentials.
Potential Mitigations 2
Phase: Integration
Ensure the unlock credentials are shared with the minimum number of parties and with utmost secrecy. To limit the risk associated with compromised credentials, where possible, the credentials should be part-specific.
Phase: Manufacturing
Ensure the unlock credentials are shared with the minimum number of parties and with utmost secrecy. To limit the risk associated with compromised credentials, where possible, the credentials should be part-specific.
Demonstrative Examples 1
This example shows how an attacker can take advantage of compromised credentials.

Code Example:

Bad
Other

Suppose a semiconductor chipmaker, "C", uses the foundry "F" for fabricating its chips. Now, F has many other customers in addition to C, and some of the other customers are much smaller companies. F has dedicated teams for each of its customers, but somehow it mixes up the unlock credentials and sends the unlock credentials of C to the wrong team. This other team does not take adequate precautions to protect the credentials that have nothing to do with them, and eventually the unlock credentials of C get leaked.

When the credentials of multiple organizations are stored together, exposure to third parties occurs frequently.

Code Example:

Good
Other

Vertical integration of a production company is one effective method of protecting sensitive credentials. Where vertical integration is not possible, strict access control and need-to-know are methods which can be implemented to reduce these risks.
Applicable Platforms
Languages:
VHDL : UndeterminedVerilog : UndeterminedCompiled : Undetermined
Technologies:
Other : UndeterminedNot Technology-Specific : Undetermined
Modes of Introduction
Integration
Manufacturing
Related Attack Patterns
Related Weaknesses
ChildOf: Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)
Notes
MaintenanceThis entry is still under development and will continue to see updates and content improvements.