English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

CAPEC-624

Hardware Fault Injection
LOW
HIGH
Stable
2015-11-09 00:00 +00:00
2022-09-29 00:00 +00:00
CAPEC Mitre.org

Alerte pour un CAPEC

Stay informed of any changes for a specific CAPEC.
Alert management

Description

The adversary uses disruptive signals or events, or alters the physical environment a device operates in, to cause faulty behavior in electronic devices. This can include electromagnetic pulses, laser pulses, clock glitches, ambient temperature extremes, and more. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information.

Informations

Prerequisites

Physical access to the system
The adversary must be cognizant of where fault injection vulnerabilities exist in the system in order to leverage them for exploitation.

Skills Required

Adversaries require non-trivial technical skills to create and implement fault injection attacks. Although this style of attack has become easier (commercial equipment and training classes are available to perform these attacks), they usual require significant setup and experimentation time during which physical access to the device is required.

Resources Required

The relevant sensors and tools to detect and analyze fault/side-channel data from a system.

A tool capable of injecting fault/side-channel data into a system or application.


Mitigations

Implement robust physical security countermeasures and monitoring.

Related Weaknesses

CWE-ID Weakness Name
CWE-1247 Improper Protection Against Voltage and Clock Glitches
The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the device.
CWE-1248 Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
The security-sensitive hardware module contains semiconductor defects.
CWE-1256 Improper Restriction of Software Interfaces to Hardware Features
The product provides software-controllable device functionality for capabilities such as power and clock management, but it does not properly limit functionality that can lead to modification of hardware memory or register bits, or the ability to observe physical side channels.
CWE-1319 Improper Protection against Electromagnetic Fault Injection (EM-FI)
The device is susceptible to electromagnetic fault injection attacks, causing device internal information to be compromised or security mechanisms to be bypassed.
CWE-1332 Improper Handling of Faults that Lead to Instruction Skips
The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur.
CWE-1334 Unauthorized Error Injection Can Degrade Hardware Redundancy
An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode.
CWE-1338 Improper Protections Against Hardware Overheating
A hardware device is missing or has inadequate protection features to prevent overheating.
CWE-1351 Improper Handling of Hardware Behavior in Exceptionally Cold Environments
A hardware device, or the firmware running on it, is missing or has incorrect protection features to maintain goals of security primitives when the device is cooled below standard operating temperatures.

Submission

Name Organization Date Date Release
CAPEC Content Team The MITRE Corporation 2015-11-09 +00:00

Modifications

Name Organization Date Comment
CAPEC Content Team The MITRE Corporation 2017-05-01 +00:00 Updated Alternate_Terms, Attack_Motivation-Consequences, Attack_Prerequisites, Attacker_Skills_or_Knowledge_Required, Description Summary, Other_Notes, Resources_Required, Solutions_and_Mitigations, Typical_Likelihood_of_Exploit, Typical_Severity
CAPEC Content Team The MITRE Corporation 2017-08-04 +00:00 Updated Attack_Prerequisites
CAPEC Content Team The MITRE Corporation 2020-07-30 +00:00 Updated @Name, Consequences, Related_Weaknesses
CAPEC Content Team The MITRE Corporation 2020-12-17 +00:00 Updated Related_Weaknesses
CAPEC Content Team The MITRE Corporation 2022-09-29 +00:00 Updated Description, Related_Weaknesses

More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.