CAPEC-625: Mobile Device Fault Injection
ID
CAPEC-625
Status
Draft
Fault injection attacks against mobile devices use disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information. Although this attack usually requires physical control of the mobile device, it is non-destructive, and the device can be used after the attack without any indication that secret keys were compromised.
Weaknesses
# ID | Name | Type |
---|---|---|
CWE-1247 | Improper Protection Against Voltage and Clock Glitches | weakness |
CWE-1248 | Semiconductor Defects in Hardware Logic with Security-Sensitive Implications | weakness |
CWE-1256 | Improper Restriction of Software Interfaces to Hardware Features | weakness |
CWE-1319 | Improper Protection against Electromagnetic Fault Injection (EM-FI) | weakness |
CWE-1332 | Improper Handling of Faults that Lead to Instruction Skips | weakness |
CWE-1334 | Unauthorized Error Injection Can Degrade Hardware Redundancy | weakness |
CWE-1338 | Improper Protections Against Hardware Overheating | weakness |
CWE-1351 | Improper Handling of Hardware Behavior in Exceptionally Cold Environments | weakness |