CAPEC-625: Mobile Device Fault Injection
Attack Pattern ID: 625
Version: v3.9
Attack Pattern Name: Mobile Device Fault Injection
Abstraction: Standard
Status: Draft
Likelihood of Attack:
Typical Severity:
8 Weaknesses found

CWE-1247
Improper Protection Against Voltage and Clock Glitches
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 3 CVEs

The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the device.

Impacts: Gain Privileges or Assume Identity; Modify Memory; Execute Unauthorized Code or Commands; Bypass Protection Mechanism; Read Memory
Tags: Power Management Hardware; Clock/Counter Hardware; Sensor Hardware; ICS/OT (technology class); System on Chip (technology class); Execute Unauthorized Code or Commands (impact); Bypass Protection Mechanism (impact); Read Memory (impact); Modify Memory (impact); Gain Privileges or Assume Identity (impact)
As Seen In: Not Available

CWE-1248
Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 0 CVEs

The security-sensitive hardware module contains semiconductor defects.

Impacts: DoS: Instability
Tags: DoS: Instability (impact)
As Seen In: Not Available

CWE-1256
Improper Restriction of Software Interfaces to Hardware Features
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 4 CVEs

The product provides software-controllable device functionality for capabilities such as power and clock management, but it does not properly limit functionality that can lead to modification of hardware memory or register bits, or the ability to observe physical side channels.

Impacts: Modify Memory; Bypass Protection Mechanism; Modify Application Data
Tags: Memory Hardware; Power Management Hardware; Clock/Counter Hardware; Bypass Protection Mechanism (impact); Modify Application Data (impact); Modify Memory (impact)
As Seen In: 2021 CWE Most Important Hardware List

CWE-1319
Improper Protection against Electromagnetic Fault Injection (EM-FI)
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 6 CVEs

The device is susceptible to electromagnetic fault injection attacks, causing device internal information to be compromised or security mechanisms to be bypassed.

Impacts: Gain Privileges or Assume Identity; Modify Memory; Execute Unauthorized Code or Commands; Bypass Protection Mechanism; Read Memory
Tags: Memory Hardware; Microcontroller Hardware; Power Management Hardware; Processor Hardware; Test/Debug Hardware; Sensor Hardware; System on Chip (technology class); Execute Unauthorized Code or Commands (impact); Bypass Protection Mechanism (impact); Read Memory (impact); Modify Memory (impact); Gain Privileges or Assume Identity (impact)
As Seen In: Not Available

CWE-1332
Improper Handling of Faults that Lead to Instruction Skips
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 3 CVEs

The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur.

Impacts: Unexpected State; Alter Execution Logic; Bypass Protection Mechanism
Tags: System on Chip (technology class); Unexpected State (impact); Bypass Protection Mechanism (impact); Alter Execution Logic (impact)
As Seen In: Not Available

CWE-1334
Unauthorized Error Injection Can Degrade Hardware Redundancy
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 1 CVEs

An unauthorized agent can inject errors into a redundant block to deprive the system of redundancy or put the system in a degraded operating mode.

Impacts: Unexpected State; DoS: Instability; DoS: Crash, Exit, or Restart; Reduce Reliability; DoS: Resource Consumption (Memory); Reduce Performance; DoS: Resource Consumption (Other); Quality Degradation; DoS: Resource Consumption (CPU)
Tags: Reduce Performance (impact); DoS: Resource Consumption (CPU) (impact); Unexpected State (impact); Reduce Reliability (impact); DoS: Crash, Exit, or Restart (impact); Quality Degradation (impact); DoS: Resource Consumption (Memory) (impact); DoS: Instability (impact); DoS: Resource Consumption (Other) (impact)
As Seen In: Not Available

CWE-1338
Improper Protections Against Hardware Overheating
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 0 CVEs

A hardware device is missing or has inadequate protection features to prevent overheating.

Impacts: DoS: Resource Consumption (Other)
Tags: Power Management Hardware; Processor Hardware; ICS/OT (technology class); DoS: Resource Consumption (Other) (impact)
As Seen In: Not Available

CWE-1351
Improper Handling of Hardware Behavior in Exceptionally Cold Environments
Likelihood of Exploit: Not Available
Mapping: Allowed
Abstraction: Base
Found in 0 CVEs

A hardware device, or the firmware running on it, is missing or has incorrect protection features to maintain goals of security primitives when the device is cooled below standard operating temperatures.

Impacts: Unexpected State; Varies by Context
Tags: Embedded (architecture class); Microcomputer (architecture class); System on Chip (technology class); Unexpected State (impact); Varies by Context (impact)
As Seen In: Not Available