CWE-1334

Mitigation

Phase: Architecture and Design

Description:

• Ensure the design does not allow error injection in modes intended for normal run-time operation. Provide access controls on interfaces for injecting errors.

Mitigation

Phase: Implementation

Description:

• Disallow error injection in modes which are expected to be used for normal run-time operation. Provide access controls on interfaces for injecting errors.

Mitigation

Phase: Integration

Description:

• Add an access control layer atop any unprotected interfaces for injecting errors.

CAPEC-624: Hardware Fault Injection

The adversary uses disruptive signals or events, or alters the physical environment a device operates in, to cause faulty behavior in electronic devices. This can include electromagnetic pulses, laser pulses, clock glitches, ambient temperature extremes, and more. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information.

CAPEC-625: Mobile Device Fault Injection

Fault injection attacks against mobile devices use disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information. Although this attack usually requires physical control of the mobile device, it is non-destructive, and the device can be used after the attack without any indication that secret keys were compromised.