Dark Mode
Capec-624 Detail
Hardware Fault Injection
Meta Communications Hardware Likelihood: Low Typical Severity: High
Children: 625
Threats: T64 T68 T78
The adversary uses disruptive signals or events, or alters the physical environment a device operates in, to cause faulty behavior in electronic devices. This can include electromagnetic pulses, laser pulses, clock glitches, ambient temperature extremes, and more. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information.
Not present
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-624 | capec | https://capec.mitre.org/data/definitions/624.html | |
| CWE-1247 | cwe | http://cwe.mitre.org/data/definitions/1247.html | |
| CWE-1248 | cwe | http://cwe.mitre.org/data/definitions/1248.html | |
| CWE-1256 | cwe | http://cwe.mitre.org/data/definitions/1256.html | |
| CWE-1319 | cwe | http://cwe.mitre.org/data/definitions/1319.html | |
| CWE-1332 | cwe | http://cwe.mitre.org/data/definitions/1332.html | |
| CWE-1334 | cwe | http://cwe.mitre.org/data/definitions/1334.html | |
| CWE-1338 | cwe | http://cwe.mitre.org/data/definitions/1338.html | |
| CWE-1351 | cwe | http://cwe.mitre.org/data/definitions/1351.html |
Not present
- Physical access to the system
- The adversary must be cognizant of where fault injection vulnerabilities exist in the system in order to leverage them for exploitation.
- The relevant sensors and tools to detect and analyze fault/side-channel data from a system. A tool capable of injecting fault/side-channel data into a system or application.
| High |
|---|
| Adversaries require non-trivial technical skills to create and implement fault injection attacks. Although this style of attack has become easier (commercial equipment and training classes are available to perform these attacks), they usual require significant setup and experimentation time during which physical access to the device is required. |
| Integrity | Confidentiality |
|---|---|
| Execute Unauthorized Commands (If an adversary is able to inject data via a fault or side channel vulnerability towards malicious ends, the integrity of the application or information system will be compromised.) | Read Data (An adversary capable of successfully collecting and analyzing sensitive, fault/side-channel information, has compromised the confidentiality of that application or information system data.) |
| Bypass Protection Mechanism (An adversary capable of successfully collecting and analyzing sensitive, fault/side-channel information, has compromised the confidentiality of that application or information system data.) | |
| Hide Activities (An adversary capable of successfully collecting and analyzing sensitive, fault/side-channel information, has compromised the confidentiality of that application or information system data.) |
Not present