tripletao | 1 month ago

The "RS-232" part is important here, since directly connecting the UART pins for the two MCUs without the RS-232 level shifters may trivially permit bidirectional dataflow, for example by reconfiguring the pins to GPIO and bit-banging a UART in the reverse direction, as already noted below. That wouldn't be directly exploitable (since you'd need to somehow bootstrap that reconfiguration in), but it would widen the attack surface.

If the cable wires control signals like DTR and RTS, then you'd need to cut those too. The goal in any case is one wire (plus ground) out of the transmitter and one wire into the receiver, with something in between that enforces data flow in only one direction. An optoisolator can do that, but a buffer without galvanic isolation (like the RS-232 level shifters) can do that too.
