1. Home
  2. CWE Database
  3. CWE-1247
Base · Medium

CWE-1247: Improper Protection Against Voltage and Clock Glitches

The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the de...

CWE-1247 · Base Level ·2 CVEs ·1 Mitigations

Description

The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the device.

A device might support features such as secure boot which are supplemented with hardware and firmware support. This involves establishing a chain of trust, starting with an immutable root of trust by checking the signature of the next stage (culminating with the OS and runtime software) against a golden value before transferring control. The intermediate stages typically set up the system in a secure state by configuring several access control settings. Similarly, security logic for exercising a debug or testing interface may be implemented in hardware, firmware, or both. A device needs to guard against fault attacks such as voltage glitches and clock glitches that an attacker may employ in an attempt to compromise the system.

Potential Impact

Confidentiality, Integrity, Availability, Access Control

Gain Privileges or Assume Identity, Bypass Protection Mechanism, Read Memory, Modify Memory, Execute Unauthorized Code or Commands

Demonstrative Examples

Below is a representative snippet of C code that is part of the secure-boot flow. A signature of the runtime-firmware image is calculated and compared against a golden value. If the signatures match, the bootloader loads runtime firmware. If there is no match, an error halt occurs. If the underlying hardware executing this code does not contain any circuitry or sensors to detect voltage or clock glitches, an attacker might launch a fault-injection attack right when the signature check is happening (at the location marked with the comment), causing a bypass of the signature-checking process.
Bad
...
            if (signature_matches)  // <-Glitch Here
            {
			
              load_runtime_firmware();
			
            }
            else
            {
			
              do_not_load_runtime_firmware();
			
            }
            	
            ...
After bypassing secure boot, an attacker can gain access to system assets to which the attacker should not have access.
Good
If the underlying hardware detects a voltage or clock glitch, the information can be used to prevent the glitch from being successful.

Mitigations & Prevention

Architecture and DesignImplementation

At the circuit-level, using Tunable Replica Circuits (TRCs) or special flip-flops such as Razor flip-flops helps mitigate glitch attacks. Working at the SoC or platform base, level sensors may be implemented to detect glitches. Implementing redundancy in security-sensitive code (e.g., where checks are performed)also can help with mitigation of glitch attacks.

Detection Methods

  • Manual Analysis Moderate — Put the processor in an infinite loop, which is then followed by instructions that should not ever be executed, since the loop is not expected to exit. After the loop, toggle an I/O bit (for oscilloscope monitoring purposes), print a console message, and reenter the loop. Note th
  • Dynamic Analysis with Manual Results Interpretation — During the implementation phase where actual hardware is available, specialized hardware tools and apparatus such as ChipWhisperer may be used to check if the platform is indeed susceptible to voltage and clock glitching attacks.
  • Architecture or Design Review — Review if the protections against glitching merely transfer the attack target. For example, suppose a critical authentication routine that an attacker would want to bypass is given the protection of modifying certain artifacts from within that specific routine (so that if the routine is bypassed, on
  • Architecture or Design Review — Many SoCs come equipped with a built-in Dynamic Voltage and Frequency Scaling (DVFS) that can control the voltage and clocks via software alone. However, there have been demonstrated attacks (like Plundervolt and CLKSCREW) that target this DVFS [REF-1081] [REF-1082]. During the design and implementa

Real-World CVE Examples

CVE IDDescription
CVE-2019-17391Lack of anti-glitch protections allows an attacker to launch a physical attack to bypass the secure boot and read protected eFuses.
CVE-2021-33478IP communication firmware allows access to a boot shell via certain impulses

CWE-1384: Improper Handling of Physical or Environmental Conditions

The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artific...

Frequently Asked Questions

What is CWE-1247?

CWE-1247 (Improper Protection Against Voltage and Clock Glitches) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the de...

How can CWE-1247 be exploited?

Attackers can exploit CWE-1247 (Improper Protection Against Voltage and Clock Glitches) to gain privileges or assume identity, bypass protection mechanism, read memory, modify memory, execute unauthorized code or commands. This weakness is typically introduced during the Operation phase of software development.

How do I prevent CWE-1247?

Key mitigations include: At the circuit-level, using Tunable Replica Circuits (TRCs) or special flip-flops such as Razor flip-flops helps mitigate glitch attacks. Working at the SoC or platform base, level sensors may be impl

What is the severity of CWE-1247?

CWE-1247 is classified as a Base-level weakness (Medium abstraction). It has been observed in 2 real-world CVEs.