Hardware Features Enable Physical Attacks from Software

Software-controllable device functionality such as power and clock management permits unauthorized modification of memory or register bits.


Description

Fault injection attacks involve strategic manipulation of bits in a device to achieve a desired effect such as skipping an authentication step, elevating privileges, or altering the output of a cryptographic operation. Techniques employed to flip bits include low-cost methods such as manipulation of the device clock and voltage supply as well as high-cost but more precise techniques involving lasers. To inject faults a physical access requirement is frequently assumed to be necessary. This assumption may be false if the device has improperly secured power management features that allow untrusted programs to manipulate the device clock frequency or operating voltage. For mobile devices, minimizing power consumption is critical, but these devices run a wide variety of applications with different performance requirements. Software-controllable mechanisms to dynamically scale device voltage and frequency are common features in today’s chipsets and can be exploited by attackers if protections are not in place. Other features, such as the ability to write repeatedly to DRAM at a rapid rate from unprivileged software can result in bit flips in other memory locations (Rowhammer).

Demonstrations

The following examples help to illustrate the nature of this weakness and describe methods or techniques which can be used to mitigate the risk.

Note that the examples here are by no means exhaustive and any given weakness may have many subtle varieties, each of which may require different detection methods or runtime controls.

Example One

Suppose a hardware design implements a set of software-accessible registers for scaling clock frequency and voltage but does not control access to these registers. Attackers may cause register and memory changes and race conditions by changing the clock or voltage of the device under their control.

See Also

Power, Clock, and Reset Concerns

Weaknesses in this category are related to system power, voltage, current, temperature, clocks, system state saving/restoring, and resets at the platform and SoC level.

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

Weaknesses without Software Fault Patterns

CWE identifiers in this view are weaknesses that do not have associated Software Fault Patterns (SFPs), as covered by the CWE-888 view. As such, they represent gaps in...

Weaknesses Introduced During Implementation

This view (slice) lists weaknesses that can be introduced during implementation.


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.