In smartphones, and more generally in IoT devices, manufacturers focus their efforts on securing communications with the outside world that are more exposed to attack while considering communications between secure components. By doing this, it results in internal communication buses with little or no security against attackers. I2C is the most used internal communication bus in IoT devices to communicate with sensors and memories. It is also used in recent smartphones to connect the Trusted Execution Environments (ARM TrustZone, Apple SEP, or Google Titan M) to a dedicated EEPROM memory that contains secret information such as encryption keys, anti-replay counter, or the boot ROM. In this paper, we propose a non-invasive attack through a hardware trojan on the I2C bus, which will allow us to perform two attack scenarios: a heart bleeding type attack which will allow retrieving additional information at each memory read, and a buffer overflow attack which will allow writing additional data in the memory at each write which can result in modifying secret information such as password or counters. These attacks can be performed on any device using the I2C bus. In the context of smartphones, these attacks will allow the extraction of sensitive information stored in the secure EEPROM memory.