BaseIncomplete

CWE-1278Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques

Category: other

Description

Information stored in hardware may be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as scanning electron microscopy.

Common consequences· 1

  • Confidentiality — Varies by Context
    A common goal of malicious actors who reverse engineer ICs is to produce and sell counterfeit versions of the IC.

Potential mitigations· 1

  • [Architecture and Design]The cost of secret extraction via IC reverse engineering should outweigh the potential value of the secrets being extracted. Threat model and value of secrets should be used to choose the technology used to safeguard those secrets. Examples include IC camouflaging and obfuscation, tamper-proof packaging, active shielding, and physical tampering detection information erasure.

Related CAPEC attack patterns· 3

CAPEC-188CAPEC-37CAPEC-545

References

  1. https://cwe.mitre.org/data/definitions/1278.html

Exploits (incoming)3

TypeTargetConfidenceTier
AttackPatternPull Data from System Resourcescapec-545100%live
AttackPatternRetrieve Embedded Sensitive Datacapec-37100%live
AttackPatternReverse Engineeringcapec-188100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Semiconductor Defects in Hardware Logic with Security-Sensitive Implications
CWE
Missing Ability to Patch ROM Code
CWE
Missing Protection Mechanism for Alternate Hardware Interface
CWE
Improper Protection of Physical Side Channels
CWE
Improper Management of Sensitive Trace Data
CWE
Improper Handling of Faults that Lead to Instruction Skips
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.