Bypassing JTAG Authentication on Automotive MCUs via Voltage Fault Injection

TLDR: Researchers at Black Hat 2024 demonstrated a practical method to bypass JTAG authentication on the SPC58 automotive microcontroller series using voltage fault injection. By reverse-engineering the authentication protocol and identifying a redundant check, they successfully gained debug access without the correct password. This research highlights the critical need for hardware-level security measures beyond simple password protection in embedded automotive systems.

Automotive security is often treated as a black box, but the reality is that the silicon powering modern vehicles is just as vulnerable to physical manipulation as any other embedded device. The recent research presented on the SPC58 automotive microcontroller series proves that even when vendors implement password-protected JTAG interfaces, those protections are often fragile. If you are performing hardware security assessments or embedded penetration testing, this talk is a masterclass in how to move from "locked out" to "code execution" by targeting the physical implementation of security features.

The Vulnerability: Redundant Authentication

The researchers focused on the SPC58 series, a common microcontroller unit (MCU) in automotive applications. Like many modern chips, it uses JTAG for debugging, which is protected by a password to prevent unauthorized access. The standard authentication flow requires a 256-bit password, which is stored in one-time programmable (OTP) memory.

The core of the research lies in the discovery that the authentication process is redundant. By sniffing the JTAG traffic using a logic analyzer and comparing the waveforms of successful versus failed authentication attempts, the team identified that the chip performs the check twice. More importantly, they realized that the second check is essentially a formality that can be bypassed if the timing of the fault is precise. This is a classic case of an Identification and Authentication Failure occurring at the hardware level, where the logic governing the debug state machine is susceptible to manipulation.

Executing the Fault Injection

To exploit this, the team needed to inject a fault exactly when the chip was performing the password comparison. They opted for voltage fault injection, which involves momentarily pulling the core power rail to ground. This causes the chip to glitch, potentially skipping the instruction that checks the password result.

The setup was straightforward but required precision. They identified the core power rail and the specific MOSFET responsible for voltage regulation on the target board. By soldering a wire to the capacitor on the core power rail and using a custom-built MOSFET driver circuit, they could trigger a precise voltage drop.

For the JTAG communication, they moved away from standard debuggers, which were too slow and inconsistent, and instead used an FT4232H based dongle. By using the PyFTDI library, they implemented a custom JTAG controller that could operate in a synchronous bit-bang mode. This allowed them to send JTAG commands at high speed and, crucially, synchronize the voltage glitch with the exact moment the MCU was comparing the password.

# Conceptual snippet for triggering the fault
# The goal is to synchronize the glitch with the password comparison
def trigger_fault(target_pin):
    # Pull the core voltage rail to ground
    target_pin.write(0)
    time.sleep(glitch_duration)
    target_pin.write(1)

The team achieved over 40,000 triggers per second, which is necessary because fault injection is inherently probabilistic. You are not looking for a single perfect hit; you are looking for the statistical likelihood that the glitch occurs during the critical window of the authentication routine.

Real-World Implications for Pentesters

If you are tasked with auditing an automotive ECU, you should assume that JTAG is the primary target. While the JTAGulator is the industry standard for identifying pinouts, this research shows that finding the pins is only the first step. Once you have access to the interface, your next move should be to analyze the authentication protocol.

Look for redundant checks or timing discrepancies. If the device takes a variable amount of time to respond to a password attempt, you might be looking at a side-channel vulnerability. If it responds instantly but requires multiple steps, you are a prime candidate for fault injection. The use of an FTDI-based emulator is a significant takeaway here; it is cheap, accessible, and provides the low-level control needed to bypass the limitations of commercial debuggers.

Defensive Considerations

For those working on the defensive side, the message is clear: do not rely on JTAG passwords as your only line of defense. If a physical attacker has access to the board, they can eventually bypass these checks.

Chip vendors should implement brownout reset mechanisms that trigger a full system reset if the voltage drops below a certain threshold, effectively killing the fault injection attempt. Furthermore, requiring multiple, randomized authentication challenges makes it significantly harder for an attacker to time their glitch. Finally, if the product is in production, the JTAG port should be physically disabled or permanently locked via eFuses.

This research serves as a reminder that hardware security is a game of cat and mouse. As long as debug interfaces exist, researchers will find ways to unlock them. The goal is to make the cost of that bypass higher than the value of the data being protected.