StandardDraft

CAPEC-625Mobile Device Fault Injection

Abstraction
Standard
Status
Draft

Description

Fault injection attacks against mobile devices use disruptive signals or events (e.g. electromagnetic pulses, laser pulses, clock glitches, etc.) to cause faulty behavior. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information. Although this attack usually requires physical control of the mobile device, it is non-destructive, and the device can be used after the attack without any indication that secret keys were compromised.

Related weaknesses· 8

CWE-1247CWE-1248CWE-1256CWE-1319CWE-1332CWE-1334CWE-1338CWE-1351

Related attack patterns· 1

CAPEC-624 (ChildOf)

Exploits8

TypeTargetConfidenceTier
WeaknessImproper Restriction of Software Interfaces to Hardware Featurescwe-1256100%live
WeaknessImproper Handling of Faults that Lead to Instruction Skipscwe-1332100%live
WeaknessImproper Protection against Electromagnetic Fault Injection (EM-FI)cwe-1319100%live
WeaknessSemiconductor Defects in Hardware Logic with Security-Sensitive Implicationscwe-1248100%live
WeaknessUnauthorized Error Injection Can Degrade Hardware Redundancycwe-1334100%live
WeaknessImproper Handling of Hardware Behavior in Exceptionally Cold Environmentscwe-1351100%live
WeaknessImproper Protection Against Voltage and Clock Glitchescwe-1247100%live
WeaknessImproper Protections Against Hardware Overheatingcwe-1338100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Hardware Fault Injection
CAPEC
Compromising Emanations Attack
CAPEC
Load Value Injection
CAPEC
Weakening of Cellular Encryption
CAPEC
Electromagnetic Side-Channel Attack
CAPEC
Cellular Data Injection
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.