CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI)

The device is susceptible to electromagnetic fault injection attacks, causing device internal information to be compromised or security mechanisms to be bypassed.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

Electromagnetic fault injection may allow an attacker to locally and dynamically modify the signals (both internal and external) of an integrated circuit. EM-FI attacks consist of producing a local, transient magnetic field near the device, inducing current in the device wires. A typical EMFI setup is made up of a pulse injection circuit that generates a high current transient in an EMI coil, producing an abrupt magnetic pulse which couples to the target producing faults in the device, which can lead to: Bypassing security mechanisms such as secure JTAG or Secure Boot Leaking device information Modifying program flow Perturbing secure hardware modules (e.g. random number generators)

CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI)

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Code examples

Illustrative examples

Attack patterns

Frequently asked questions

What is CWE-1319?

What CVEs are caused by CWE-1319?

What are the consequences of CWE-1319?

Is CWE-1319 actively exploited?

References

Stay ahead of CWE-1319

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Code examples

Illustrative examples

Related weaknesses

Parent

Attack patterns

Frequently asked questions

What is CWE-1319?

What CVEs are caused by CWE-1319?

What are the consequences of CWE-1319?

Is CWE-1319 actively exploited?

References

Stay ahead of CWE-1319