A universal asynchronous receiver/transmitter (UART) is a hardware device with circuitry that facilitates communication between parallel and serial interfaces. The serial link carries data between two systems as a single stream of bits. Parallel and serial interfaces can use wire-plus-ground cable, a wireless channel or a wire-pair to communicate.

UART takes entire data bytes and sends them, one bit at a time, to their destination in sequence, where they are reassembled into complete bytes. Serial interfaces send data to and from systems, while parallel interfaces send multiple bits concurrently using multiple wires. UART supports a wide range of serial protocols, such as RS-232, RS-422 and RS-485. Examples of serial interfaces include Universal Serial Bus (USB) and Recommended Standard No. 232 (RS-232).

Security Vulnerabilities Threaten IoT devices that Utilize UART Interfaces

Internet of Things (IoT) devices may support UART to send and transmit signals wirelessly. Manufacturers install UART interfaces on IoT boards to review serial console logs and complete any debug activity required. Since UART interacts with IoT devices, it is possible for hackers to infiltrate the UART shell and root shell. Shells manage user interaction with a computing system through an input-output interface.

If a cybercriminal gains access to the root shell, they can cause harm to an organization. For example, hackers may:

  • Infiltrate and reverse engineer firmware to see how to exploit it further
  • Gain access to sensitive information such as certificates or API keys
  • Examine communication protocols for vulnerabilities
  • Target user devices, including company users and clients

Unfortunately, all it takes is a little hardware tinkering and persistence to compromise the UART interface. There are three UART connections: transmitter, receiver and ground. All hackers need to do is locate the connections on a circuit board, connect with them by using a serial connector, and begin interfacing with the console to target the firmware. Since root shell access is commonly enabled over UART, organizations must find ways to secure IoT UART interfaces.

How to Secure Your UART-enabled IoT Devices

There are plenty of UART-embedded IoT devices on the market today, plus an increasing number of devices with IoT functionality being brought to market. But IoT applications are still in the early stages, with few security standards in place. The place to start is securing the hardware. In addition to the UART interface, the following IoT application interfaces should be protected:

  • Cloud, mobile and web interfaces
  • Secure Protocol interfaces, e.g. Bluetooth, Zigbee, etc.

If you are a manufacturer of IoT devices, chances are firmware security is a top priority. If the firmware is important to protect, the easiest solution is to restrict customer access to the UART. Any individual who has UART access can infiltrate it and gain access to sensitive information, such as intellectual property.
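One way a manufacturer can check for an open UART shell before shipping, as an added example that is not code from the original article: the script scans a BusyBox-style `/etc/inittab` from a firmware image and flags serial-console entries that hand out a shell without a login. The sample inittab, the tty name patterns, the treatment of an empty id as the UART console, and the name `audit_inittab` are assumptions made for illustration.

```python
import re

# Constructed sample inittab (BusyBox format: id:runlevels:action:process).
SAMPLE_INITTAB = """\
# constructed example, not taken from any real device
::sysinit:/etc/init.d/rcS
ttyS0::respawn:/bin/sh
ttyS1::respawn:/sbin/getty -L ttyS1 115200 vt100
ttyAMA0::respawn:/sbin/getty -n -l /bin/sh -L ttyAMA0 115200
::askfirst:-/bin/sh
tty1::respawn:/sbin/getty 38400 tty1
"""

# Assumed naming of serial devices; extend for the SoC in use.
SERIAL_TTY = re.compile(r"^(ttyS|ttyAMA|ttyUSB|ttymxc|console$)")
SHELLS = {"sh", "ash", "bash", "dash"}
SPAWN_ACTIONS = {"respawn", "askfirst", "once"}


def audit_inittab(text):
    """Return (line_no, tty, reason) for serial entries that skip authentication."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 3)
        if len(parts) != 4:
            continue
        tty, _runlevels, action, process = parts
        # Empty id means the system console; assumed here to be the UART.
        tty = tty or "console"
        if action not in SPAWN_ACTIONS or not SERIAL_TTY.match(tty):
            continue
        argv = process.lstrip("-").split()
        prog = argv[0].rsplit("/", 1)[-1]
        if prog in SHELLS:
            findings.append((no, tty, "shell spawned directly, no login"))
        elif prog == "getty" and "-l" in argv[:-1]:
            # getty -l PROG replaces /bin/login with PROG
            login = argv[argv.index("-l") + 1].rsplit("/", 1)[-1]
            if login in SHELLS:
                findings.append((no, tty, "getty runs a shell instead of login"))
    return findings


if __name__ == "__main__":
    for no, tty, reason in audit_inittab(SAMPLE_INITTAB):
        print(f"line {no}: {tty}: {reason}")
```

Entries that run `getty` with the default login program, such as the `ttyS1` line, pass the check because the console then asks for credentials.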

Monitor UART-enabled IoT Device Use and Implement Policies to Secure Them

IoT devices expand an enterprise’s attack surface. Therefore, it is important to implement cybersecurity policies that protect the way data is collected, processed and stored. Take an inventory of the IoT devices your organization has connected to a network. Network management tools will help your organization to conduct an audit and take an inventory of the devices that have IoT operating. SolarWinds Network Performance Monitor, Paessler PRTG and ManageEngine OpManager each offer network management tools.

Implement a Secure IT Network Architecture

With IoT devices, take proper care to secure your network – from hardware devices to software applications. Basic security restrictions such as “least privilege” and “need to know” should be applied to users accessing your network. According to the US Department of Homeland Security, an organization can take the following precautions to secure their IT network:

  • Separate and segment networks according to function: this will not only prevent intruders from taking control of data and devices, but it will also restrict the amount of lateral movement a hacker can make throughout the network. Placing routers in between networks will segregate them, enabling network administrators to control and filter traffic. In the event of a data breach, organizations can shut down network segments, while protecting the others.

Tools such as private virtual LANs help to isolate users throughout user domains. Install virtual routing and forwarding (VRF) technology, which will separate traffic over multiple routing tables simultaneously on a single router.

  • Restrict lateral communications to the most necessary ones: secure networks for lateral communications, including peer-to-peer. If communications between workstations are not filtered, for example, a hacker can find a vulnerable spot from which to launch a cyberattack. These backdoors will hinder an organization’s cybersecurity defenses. Firewalls can help to restrict traffic flow between hosts in a network. 
  • Harden devices on your network: tighten security configurations on your network by adhering to site security policies. Reference state, federal and international regulations, plus industry best practices. Some examples include setting strict password policies, restricting physical and on-site access, and conducting risk audits to assess the effectiveness of information security. 
  • Restrict, secure infrastructure device access: if a company does not take precautions to secure hardware and devices, cybercriminals may take advantage of administrative privileges, increase their access and, in the worst cases, take total control of an IT infrastructure. Make sure authorizations are restricted and not granted far-and-wide. Enforce password encryption and keep password information secure, e.g. locked away off-premise.

Know Your IT System Attack Surface and Defend It Against Cybercrime

IoT UART interface security is part of an overall strategy to protect your IT architecture and applications. ThreatModeler is a unique, automated solution that will help you to map out your IT security threats and mitigate them with security requirements. All types of computing environments can benefit from this out-of-the-box cybersecurity tool that will harden your IT environment enterprise-wide. This includes IoT-embedded devices.

To learn more about how ThreatModeler™ can help your organization build a scalable threat modeling process, book a demo to speak to a ThreatModeler expert today.

