Submitted via IRC for boru.
https://www.infoq.com/news/2020/07/nRF52-debug-resurrect/:
A recent hardware attack on the Nordic nRF52 chip uses local access to gain chip-level debugging capabilities that persist in silicon, unpatchable in software. Nordic has confirmed the issue and encouraged device manufacturers to detect openings of the enclosure, as the chip is not hardened against fault injection.
This chip is used in so many Bluetooth products. Might be fun to go wardriving and find some and see if any have accessible SWD pins.
(Score: 2) by ilsa on Friday July 17 2020, @10:40PM
Oh I see what you mean. Yes, I suppose that's entirely possible. Who knows what corners got cut during the implementation of the chip.
At a minimum, having debug access to the chip would certainly make it much easier to uncover other potential bugs/exploits that the chip may contain. Then you could freely target any device using that chip. It wouldn't necessarily mean you now have broad access to all BT devices though... only the ones using a Nordic chip.
But if you found other exploits... you could build up a library of exploits across different BT chips, and then you could execute it from a single SDR for a one-stop BT hacking shop.