Quick Overview: Hardware Security Vulnerabilities
The hardware security community, drawing on academia, industry and government agencies, compiles a list of the most commonly found weaknesses in hardware (the 2021 list was produced by the Hardware CWE Special Interest Group under MITRE's CWE program). The list is published to raise awareness among professionals working in hardware design, manufacturing, research and security.
The 2021 CWE Most Important Hardware Weaknesses
CWE-1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC)
This weakness arises when shared resources on an SoC are not properly isolated. Because the number of pins is limited, a pin is often multiplexed between several functions, and other on-chip resources are shared in the same way. When such a shared resource is reachable by both trusted and untrusted agents, an untrusted agent may gain access to assets that only trusted agents should reach.
This weakness can be detected with dynamic analysis, pre- or post-silicon: attempt to access each shared resource (e.g. a control register or memory range) from untrusted agents and verify that only the intended agents can reach it.
CWE-1191 On-Chip Debug and Test Interface With Improper Access Control
This weakness lets an attacker reach the internals of the device through an enabled test or debug interface such as JTAG. If the interface is left enabled without authentication, an attacker can attach a hardware hacking tool (e.g. a JTAGulator to locate the pins, then a JTAG adapter) to halt the CPU, read memory and extract sensitive information including the firmware.
Some developers simply hide the debug and test interfaces (unpopulated headers, undocumented pins) and rely on security through obscurity. That is not an acceptable control: the interface must be disabled or protected by authentication before the device ships.
CWE-1231 Improper Prevention of Lock Bit Modification
A lock bit is meant to prevent further modification of security-sensitive settings such as protected address ranges or control registers. If the lock mechanism is not effective, for example because the lock bit itself can be cleared by software or does not cover every write path to the protected registers, an attacker can unlock and change those settings.
CWE-1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection
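The following added example, not part of the original page or of the CWE entries, models a small register block in C so the three lock-bit situations behind CWE-1231 and CWE-1233 can be compared side by side: a security-sensitive register with no lock at all (CWE-1233), a lock bit that any write can clear (CWE-1231), and a sticky lock that only a reset clears. Register names, bit positions and the boot/attack sequence are hypothetical.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/*
 * Added example (not from the CWE entries or the original page): a software
 * model of a small register block so the difference between a missing lock
 * (CWE-1233), an ineffective lock (CWE-1231) and a sticky lock can be exercised.
 * Register names and bit positions are hypothetical.
 */

#define REG_FLASH_WP   0u   /* flash write-protect range, security-sensitive */
#define REG_DBG_EN     1u   /* debug-port enable, security-sensitive */
#define REG_LOCK       2u   /* lock register; bit 0 locks REG_FLASH_WP and REG_DBG_EN */
#define NUM_REGS       3u

#define LOCK_BIT       (1u << 0)

typedef struct {
    uint32_t regs[NUM_REGS];
} regblock_t;

/* Policy selector: how the model implements the lock. */
typedef enum {
    LOCK_NONE,        /* CWE-1233: sensitive registers have no lock at all */
    LOCK_CLEARABLE,   /* CWE-1231: lock exists but any write can clear it */
    LOCK_STICKY       /* hardened: lock is write-1-to-set, only reset clears it */
} lock_policy_t;

static void regblock_reset(regblock_t *rb) {
    memset(rb, 0, sizeof *rb);
}

static bool is_protected(uint32_t addr) {
    return addr == REG_FLASH_WP || addr == REG_DBG_EN;
}

/*
 * Model of the bus write path. Returns true if the write took effect.
 * In real silicon this logic lives in the register block's write-enable decode;
 * in firmware it may be the only place the lock is checked.
 */
static bool regblock_write(regblock_t *rb, lock_policy_t pol, uint32_t addr, uint32_t val) {
    if (addr >= NUM_REGS) return false;

    if (addr == REG_LOCK) {
        switch (pol) {
        case LOCK_NONE:      return false;                          /* no lock register in this variant */
        case LOCK_CLEARABLE: rb->regs[REG_LOCK] = val; return true; /* lock bit can be written back to 0 */
        case LOCK_STICKY:    rb->regs[REG_LOCK] |= (val & LOCK_BIT); return true; /* set-only */
        }
    }

    bool locked = (pol != LOCK_NONE) && (rb->regs[REG_LOCK] & LOCK_BIT);
    if (is_protected(addr) && locked) {
        return false;   /* write dropped while locked */
    }
    rb->regs[addr] = val;
    return true;
}

/*
 * Attack scenario shared by all three variants: trusted boot code configures the
 * protections and (where available) sets the lock; later, untrusted code tries to
 * clear the lock and then re-enable the debug port.
 * Returns the final value of REG_DBG_EN: nonzero means the attack succeeded.
 */
static uint32_t run_attack(lock_policy_t pol) {
    regblock_t rb;
    regblock_reset(&rb);

    /* trusted boot code */
    regblock_write(&rb, pol, REG_FLASH_WP, 0x000F0000u);
    regblock_write(&rb, pol, REG_DBG_EN, 0u);
    regblock_write(&rb, pol, REG_LOCK, LOCK_BIT);

    /* untrusted runtime code */
    regblock_write(&rb, pol, REG_LOCK, 0u);   /* attempt to clear the lock */
    regblock_write(&rb, pol, REG_DBG_EN, 1u); /* attempt to re-enable debug */

    return rb.regs[REG_DBG_EN];
}

int main(void) {
    printf("no lock (CWE-1233):        DBG_EN = %u\n", (unsigned)run_attack(LOCK_NONE));
    printf("clearable lock (CWE-1231): DBG_EN = %u\n", (unsigned)run_attack(LOCK_CLEARABLE));
    printf("sticky lock:               DBG_EN = %u\n", (unsigned)run_attack(LOCK_STICKY));
    return 0;
}
```

The point of the model is that the lock register must be set-only with respect to software: once LOCK_BIT is set, the only way to clear it is a reset, and every write path to the protected registers must consult it. A lock that software can clear is no better than no lock at all, which is why both weak variants end with the debug port enabled.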
CWE-1240 Use of a Cryptographic Primitive with a Risky Implementation
This weakness arises when developers ship a home-grown cryptographic implementation in the device, or one that is non-standard, unproven or non-compliant. Use a well-vetted implementation instead, for example a module validated under FIPS 140, rather than writing the primitive yourself.
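As an added example (not from the original page), the following C code contrasts a home-grown tag verification of the sort CWE-1240 warns about with a constant-time one. The naive check stops at the first mismatching byte, so the work it does, and therefore its execution time and power trace, depends on how much of the guess is right; the simulated attacker recovers the tag one byte at a time from that step count. The 16-byte tag and the byte-count oracle are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example, not from the original page: a naive tag check (the kind of
 * home-grown implementation CWE-1240 warns about) beside a constant-time one.
 * Each compare reports how many bytes it examined; for the naive version that
 * count depends on the secret, which is exactly what a timing or power
 * measurement picks up. Tag length and values are constructed for the example.
 */

#define TAG_LEN 16

typedef int (*cmp_fn)(const uint8_t *, const uint8_t *, size_t, size_t *);

/* Constructed 16-byte tag standing in for a MAC the device expects. */
static const uint8_t EXPECTED_TAG[TAG_LEN] = {
    0x8f, 0x13, 0xa2, 0x07, 0x55, 0xc0, 0x3e, 0x91,
    0x6a, 0xdd, 0x28, 0xb4, 0x1c, 0x79, 0xe6, 0x42
};

/* Naive compare: exits at the first mismatch, so *steps depends on the secret. */
static int tag_equal_naive(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps) {
    for (size_t i = 0; i < n; i++) {
        if (a[i] != b[i]) {
            *steps = i + 1;
            return 0;
        }
    }
    *steps = n;
    return 1;
}

/* Constant-time compare: ORs all byte differences, no data-dependent branch or exit. */
static int tag_equal_ct(const uint8_t *a, const uint8_t *b, size_t n, size_t *steps) {
    volatile uint8_t diff = 0;   /* volatile discourages the compiler from short-circuiting */
    for (size_t i = 0; i < n; i++) {
        diff |= (uint8_t)(a[i] ^ b[i]);
    }
    *steps = n;                  /* every byte is examined every time */
    return diff == 0;
}

/*
 * Simulated attacker with a step-count oracle (a stand-in for a timing or power
 * measurement). For each position it tries all 256 byte values and keeps the one
 * that made the check do more work, or that was accepted outright. It stops when
 * every guess costs the same. Returns the number of bytes recovered.
 */
static size_t recover_tag(cmp_fn cmp, const uint8_t *expected, uint8_t *recovered) {
    uint8_t guess[TAG_LEN] = {0};
    size_t known;
    for (known = 0; known < TAG_LEN; known++) {
        size_t min_steps = (size_t)-1, max_steps = 0;
        int best = -1, matched = 0;
        for (int v = 0; v < 256 && !matched; v++) {
            size_t steps = 0;
            guess[known] = (uint8_t)v;
            if (cmp(expected, guess, TAG_LEN, &steps)) { matched = 1; best = v; }
            if (steps > max_steps) { max_steps = steps; best = v; }
            if (steps < min_steps) min_steps = steps;
        }
        if (!matched && max_steps == min_steps) break;   /* flat oracle: nothing learned */
        guess[known] = (uint8_t)best;
    }
    memcpy(recovered, guess, TAG_LEN);
    return known;
}

/* How many bytes of EXPECTED_TAG the oracle attack recovers against a given compare. */
static size_t leaked_bytes(cmp_fn cmp) {
    uint8_t out[TAG_LEN];
    return recover_tag(cmp, EXPECTED_TAG, out);
}

/* Whether the recovered buffer equals the real tag. */
static int recovered_matches(cmp_fn cmp) {
    uint8_t out[TAG_LEN];
    recover_tag(cmp, EXPECTED_TAG, out);
    return memcmp(out, EXPECTED_TAG, TAG_LEN) == 0;
}

int main(void) {
    printf("naive compare:         %zu of %d bytes recovered\n", leaked_bytes(tag_equal_naive), TAG_LEN);
    printf("constant-time compare: %zu of %d bytes recovered\n", leaked_bytes(tag_equal_ct), TAG_LEN);
    return 0;
}
```

Against the naive compare the attacker needs at most 16 x 256 queries instead of 256^16, because each byte is confirmed independently; against the constant-time compare the oracle is flat and the attacker learns nothing beyond accept/reject. The same data-dependent control flow is what shows up in the power and EM traces described under CWE-1300, which is one reason vetted libraries take care to avoid it.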
CWE-1244 Internal Asset Exposed to Unsafe Debug Access Level or State
CWE-1256 Improper Restriction of Software Interfaces to Hardware Features
This weakness arises when software-controllable hardware features, such as power and clock management, are not properly restricted, so that a software configuration change can modify hardware memory or register bits or expose a physical side channel.
CWE-1260 Improper Handling of Overlap Between Protected Memory Ranges
CWE-1272 Sensitive Information Uncleared Before Debug/Power State Transition
CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code
CWE-1277 Firmware Not Updateable
Some devices have firmware that cannot be updated, so operational and security issues found after release can never be fixed. Customers stay exposed for the life of the device, until it is removed from the system.
CWE-1300 Improper Protection of Physical Side Channels
Physical side-channel attacks break cryptographic implementations in hardware by measuring the device's physical emanations rather than its outputs: power consumption, electromagnetic emission, acoustic noise and timing. The weakness is failing to protect against these leakage paths, for example through constant-time logic, masking or shielding.