Break IC flash could be also applied to the device communication protocol in order to find any hidden functions embedded by the software developer for testing and upgrade purposes.
IC Chip manufacturers very often embed hardware test interfaces for postproduction testing of their semiconductor devices. If the security protection for these interfaces is not properly designed, the ic attacker can exploit it to get access to the on-chip memory. In smartcards such test interfaces are normally located outside the chip circuit and physically removed after the test operation, eliminating any possibility of use by outsiders.
Any security system, either software or hardware, could also have holes in its design and there is always a small chance that an ic cloner would eventually find one with brute force random testing. Careful design of the security protection, followed by proper evaluation, could help avoid many problems and make such MCU attack virtually impossible.