Improper Protection Against Physical Side Channels

The product is missing protections or implements insufficient protections against information leakage through physical channels such as power consumption, electromagnetic emissions (EME), acoustic emissions, or other physical attributes.


Physical properties of the hardware implementation such as power consumption or EME can result in data disclosure even if it is not possible to extract the information in the digital domain. Physical side channels such as power consumption, electromagnetic emissions (EME), and acoustic emissions have been well-studied for decades in the context of breaking implementations of cryptographic algorithms. These side-channels may be easily observed by an attacker with physical access to the device. Power, EME, and acoustic measurements obtained during hardware operation are correlated to data processed by the hardware, enabling recovery of secret keys and data.

See Also

Cross-Cutting Problems

Weaknesses in this category can arise in multiple areas of hardware design or can apply to a wide cross-section of components.

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

Weaknesses without Software Fault Patterns

CWE identifiers in this view are weaknesses that do not have associated Software Fault Patterns (SFPs), as covered by the CWE-888 view. As such, they represent gaps in...

Weaknesses Introduced During Implementation

This view (slice) lists weaknesses that can be introduced during implementation.

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.