CWE-1332: Insufficient Protection Against Instruction Skipping Via Fault Injection
The device is missing or incorrectly implements circuitry or sensors to detect and mitigate CPU instruction skips that can be caused by fault injection.
Fault Injection is a technique used by adversaries to alter the operating conditions of hardware so that unexpected behavior occurs. Generally, this is accomplished by causing the device to operate outside of its expected conditions or by inducing electrical disturbances in the device. A weakness may arise in systems that do not properly protect against common fault injection techniques targeting the skipping of security critical instructions.
In practice, application code may contain conditional branches that are security-sensitive (e.g., accepting or rejecting a user-provided password. These conditional branches are typically implemented by a single conditional branch instruction in the program binary which, if skipped through fault injection, may lead to effectively flipping the branch condition - i.e., causing the wrong security-sensitive branch to be taken. This affects processes such as firmware authentication, password verification, and other security-sensitive decision points.
The table(s) below shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.
Relevant to the view "Research Concepts" (CWE-1000)
Relevant to the view "Hardware Design" (CWE-1194)
The different Modes of Introduction provide information about how and when this weakness may be introduced. The Phase identifies a point in the life cycle at which introduction may occur, while the Note provides a typical scenario related to introduction during the given phase.
The listings below show possible areas for which the given weakness could appear. These may be for specific named Languages, Operating Systems, Architectures, Paradigms, Technologies, or a class of such platforms. The platform is listed along with how frequently the given weakness appears for that instance.
Class: Language-Independent (Undetermined Prevalence)
Class: OS-Independent (Undetermined Prevalence)
Class: Architecture-Independent (Undetermined Prevalence)
Class: System on Chip (Undetermined Prevalence)
The table below specifies different individual consequences associated with the weakness. The Scope identifies the application security area that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in exploiting this weakness. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a weakness will be exploited to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.
This entry is attack-oriented and may require significant modification in future versions, or even deprecation. It seems likely that there is more than one design "mistake" that might allow insruction skipping, so this entry is not necessarily a weakness and may be more appropriate for CAPEC.
This weakness has external references that are valuable but need to be further validated before addition to the weakness entry.
More information is available — Please select a different filter.