Szczegóły CWE-1247

CWE-1247

Improper Protection Against Voltage and Clock Glitches
Stable
2020-02-24
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Powiadomienia dla konkretnego CWE
Bądź na bieżąco z wszelkimi zmianami dotyczącymi konkretnego CWE.
Zarządzaj powiadomieniami

Nazwa: Improper Protection Against Voltage and Clock Glitches

The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the device.

Informacje ogólne

Sposoby wprowadzenia

Operation

Odpowiednie platformy

Język

Class: Not Language-Specific (Undetermined)

Systemy operacyjne

Class: Not OS-Specific (Undetermined)

Architektury

Class: Not Architecture-Specific (Undetermined)

Technologie

Class: ICS/OT (Undetermined)
Class: System on Chip (Undetermined)
Name: Power Management Hardware (Undetermined)
Name: Clock/Counter Hardware (Undetermined)
Name: Sensor Hardware (Undetermined)

Typowe konsekwencje

Zakres Wpływ Prawdopodobieństwo
Confidentiality
Integrity
Availability
Access Control		Gain Privileges or Assume Identity, Bypass Protection Mechanism, Read Memory, Modify Memory, Execute Unauthorized Code or Commands

Zaobserwowane przykłady

Odniesienia Opis

CVE-2019-17391

Lack of anti-glitch protections allows an attacker to launch a physical attack to bypass the secure boot and read protected eFuses.

CVE-2021-33478

IP communication firmware allows access to a boot shell via certain impulses

Potencjalne środki zaradcze

Phases : Architecture and Design // Implementation

Metody wykrywania

Manual Analysis

Skuteczność : Moderate

Dynamic Analysis with Manual Results Interpretation

During the implementation phase where actual hardware is available, specialized hardware tools and apparatus such as ChipWhisperer may be used to check if the platform is indeed susceptible to voltage and clock glitching attacks.

Architecture or Design Review

Review if the protections against glitching merely transfer the attack target. For example, suppose a critical authentication routine that an attacker would want to bypass is given the protection of modifying certain artifacts from within that specific routine (so that if the routine is bypassed, one can examine the artifacts and figure out that an attack must have happened). However, if the attacker has the ability to bypass the critical authentication routine, they might also have the ability to bypass the other protection routine that checks the artifacts. Basically, depending on these kind of protections is akin to resorting to "Security by Obscurity".

Architecture or Design Review

Many SoCs come equipped with a built-in Dynamic Voltage and Frequency Scaling (DVFS) that can control the voltage and clocks via software alone. However, there have been demonstrated attacks (like Plundervolt and CLKSCREW) that target this DVFS [REF-1081] [REF-1082]. During the design and implementation phases, one needs to check if the interface to this power management feature is available from unprivileged SW (CWE-1256), which would make the attack very easy.

Uwagi dotyczące mapowania podatności

Uzasadnienie : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Komentarz : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Powiązane wzorce ataków

CAPEC-ID Nazwa wzorca ataku
CAPEC-624 Hardware Fault Injection
The adversary uses disruptive signals or events, or alters the physical environment a device operates in, to cause faulty behavior in electronic devices. This can include electromagnetic pulses, laser pulses, clock glitches, ambient temperature extremes, and more. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information.
CAPEC-625 Mobile Device Fault Injection
Fault injection attacks against mobile devices use disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information. Although this attack usually requires physical control of the mobile device, it is non-destructive, and the device can be used after the attack without any indication that secret keys were compromised.

Odniesienia

REF-1061

Circuit Techniques for Dynamic Variation Tolerance
Keith Bowman, James Tschanz, Chris Wilkerson, Shih-Lien Lu, Tanay Karnik, Vivek De, Shekhar Borkar.
https://dl.acm.org/doi/10.1145/1629911.1629915

REF-1062

Razor: A Low-Power Pipeline Based on Circuit-Level Timing Speculation
Dan Ernst, Nam Sung Kim, Shidhartha Das, Sanjay Pant, Rajeev Rao, Toan Pham, Conrad Ziesler, David Blaauw, Todd Austin, Krisztian Flautner, Trevor Mudge.
https://web.eecs.umich.edu/~taustin/papers/MICRO36-Razor.pdf

REF-1063

Tunable Replica Circuits and Adaptive Voltage-Frequency Techniques for Dynamic Voltage, Temperature, and Aging Variation Tolerance
James Tschanz, Keith Bowman, Steve Walstra, Marty Agostinelli, Tanay Karnik, Vivek De.
https://ieeexplore.ieee.org/document/5205410

REF-1064

FAME: Fault-attack Aware Microprocessor Extensions for Hardware Fault Detection and Software Fault Response
Bilgiday Yuce, Nahid F. Ghalaty, Chinmay Deshpande, Conor Patrick, Leyla Nazhandali, Patrick Schaumont.
https://dl.acm.org/doi/10.1145/2948618.2948626

REF-1065

A 45 nm Resilient Microprocessor Core for Dynamic Variation Tolerance
Keith A. Bowman, James W. Tschanz, Shih-Lien L. Lu, Paolo A. Aseron, Muhammad M. Khellah, Arijit Raychowdhury, Bibiche M. Geuskens, Carlos Tokunaga, Chris B. Wilkerson, Tanay Karnik, Vivek De.
https://ieeexplore.ieee.org/document/5654663

REF-1066

Bypassing Secure Boot Using Fault Injection
Niek Timmers, Albert Spruyt.
https://www.blackhat.com/docs/eu-16/materials/eu-16-Timmers-Bypassing-Secure-Boot-Using-Fault-Injection.pdf

REF-1217

Security Engineering
Ross Anderson.
https://www.cl.cam.ac.uk/~rja14/musicfiles/manuscripts/SEv1.pdf

REF-1217

Security Engineering
Ross Anderson.
https://www.cl.cam.ac.uk/~rja14/musicfiles/manuscripts/SEv1.pdf

REF-1081

Plundervolt
Kit Murdock, David Oswald, Flavio D Garcia, Jo Van Bulck, Frank Piessens, Daniel Gruss.
https://plundervolt.com/

REF-1082

CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management
Adrian Tang, Simha Sethumadhavan, Salvatore Stolfo.
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tang.pdf

REF-1285

Physical Security Attacks Against Silicon Devices
Texas Instruments.
https://www.ti.com/lit/an/swra739/swra739.pdf?ts=1644234570420

REF-1286

On The Susceptibility of Texas Instruments SimpleLink Platform Microcontrollers to Non-Invasive Physical Attacks
Lennert Wouters, Benedikt Gierlichs, Bart Preneel.
https://eprint.iacr.org/2022/328.pdf

Zgłoszenie

Nazwa Organizacja Data Data wydania Version
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi Intel Corporation 2020-02-12 +00:00 2020-02-24 +00:00 4.0

Modyfikacje

Nazwa Organizacja Data Komentarz
CWE Content Team MITRE 2020-08-20 +00:00 updated Demonstrative_Examples, Description, Name, Observed_Examples, Potential_Mitigations, Related_Attack_Patterns
CWE Content Team MITRE 2020-12-10 +00:00 updated Relationships
CWE Content Team MITRE 2021-03-15 +00:00 updated Functional_Areas
CWE Content Team MITRE 2021-10-28 +00:00 updated Description, Detection_Factors, Name, References, Weakness_Ordinalities
CWE Content Team MITRE 2022-04-28 +00:00 updated Applicable_Platforms, Relationships
CWE Content Team MITRE 2022-06-28 +00:00 updated Applicable_Platforms, Relationships
CWE Content Team MITRE 2022-10-13 +00:00 updated Demonstrative_Examples, References
CWE Content Team MITRE 2023-01-31 +00:00 updated Applicable_Platforms, Related_Attack_Patterns, Relationships
CWE Content Team MITRE 2023-04-27 +00:00 updated References, Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2023-10-26 +00:00 updated Observed_Examples
CWE Content Team MITRE 2025-09-09 +00:00 updated Relationships
CWE Content Team MITRE 2025-12-11 +00:00 updated Demonstrative_Examples
Informacje prezentowane na CVE Find pochodzą z kilku starannie wybranych źródeł referencyjnych. Dane CVE są dostarczane przez MITRE Corporation i Narodową Bazę Podatności (NVD). Katalog znanych eksploatowanych podatności (KEV) pochodzi z Agencji ds. Bezpieczeństwa Cyberprzestrzeni i Infrastruktury (CISA), natomiast wyniki EPSS pochodzą z FIRST.org. Ponadto dane dotyczące słabości oprogramowania (CWE) i typowych wzorców ataków (CAPEC) są utrzymywane przez MITRE Corporation, a informacje o konfiguracjach sprzętu i oprogramowania (CPE) są dostarczane przez NVD.