CAPEC-624 Metadata
Likelihood of Attack
Low
Typical Severity
High
Overview
Summary
The adversary uses disruptive signals or events, or alters the physical environment a device operates in, to cause faulty behavior in electronic devices. This can include electromagnetic pulses, laser pulses, clock glitches, ambient temperature extremes, and more. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information.
Prerequisites
Physical access to the system The adversary must be cognizant of where fault injection vulnerabilities exist in the system in order to leverage them for exploitation.
Potential Solutions / Mitigations
Implement robust physical security countermeasures and monitoring.
Related Weaknesses (CWE)
| CWE ID | Description |
|---|---|
| CWE-1247 | Improper Protection Against Voltage and Clock Glitches |
| CWE-1248 | Semiconductor Defects in Hardware Logic with Security-Sensitive Implications |
| CWE-1256 | Improper Restriction of Software Interfaces to Hardware Features |
| CWE-1319 | Improper Protection against Electromagnetic Fault Injection (EM-FI) |
| CWE-1332 | Improper Handling of Faults that Lead to Instruction Skips |
| CWE-1334 | Unauthorized Error Injection Can Degrade Hardware Redundancy |
| CWE-1338 | Improper Protections Against Hardware Overheating |
| CWE-1351 | Improper Handling of Hardware Behavior in Exceptionally Cold Environments |
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.