Base · Medium

CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI)

The device is susceptible to electromagnetic fault injection attacks, causing device internal information to be compromised or security mechanisms to be bypassed.

CWE-1319 · Base Level · 1 CVE · 1 Mitigation

Description

Electromagnetic fault injection may allow an attacker to locally and dynamically modify the signals (both internal and external) of an integrated circuit. EM-FI attacks consist of producing a local, transient magnetic field near the device, inducing current in the device wires. A typical EM-FI setup is made up of a pulse injection circuit that generates a high current transient in an EMI coil, producing an abrupt magnetic pulse that couples to the target and produces faults in the device, which can lead to the impacts listed under Potential Impact below.

Potential Impact

Scope: Confidentiality, Integrity, Access Control, Availability

Technical Impact: Modify Memory, Read Memory, Gain Privileges or Assume Identity, Bypass Protection Mechanism, Execute Unauthorized Code or Commands

Demonstrative Examples

In many devices, security-related information is stored in fuses. These fuses are loaded into shadow registers at boot time. Disturbing this transfer phase with EM-FI can lead to the shadow registers storing erroneous values, potentially resulting in reduced security.

Colin O'Flynn has demonstrated an attack scenario [REF-1144] that uses electromagnetic glitching during booting to bypass security and gain read access to flash, and read and erase access to the shadow memory area (where the private password is stored). Most devices in the MPC55xx and MPC56xx series that include the Boot Assist Module (BAM) (a serial or CAN bootloader mode) are susceptible to this attack. In this paper, a GM ECU was used as a real-life target. While the success rate appears low (less than 2 percent), in practice a success can be found within 1-5 minutes once the EM-FI tool is set up. In a practical scenario, the author showed that success can be achieved within 30-60 minutes from a cold start.
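A defensive counterpart to the fuse-to-shadow-register transfer described above, as an added example that is not part of the CWE entry or of the referenced paper: each fuse word is read several times, stored with its bitwise complement, compared across reads, and read back after the write, so that a single transient fault rejects the transfer instead of silently weakening the protection state. The fuse bank, the complement encoding, the status codes and the glitch simulator are all constructed for illustration.

```c
#include <stdint.h>
/* Status codes far apart in Hamming distance: one flipped bit cannot turn
 * a failure into a pass. N_READS = how many times each fuse is re-read. */
#define SHADOW_OK   0x5A3CA5C3u
#define SHADOW_FAIL 0xA5C35A3Cu
#define N_READS     3

/* A fuse word stored with its bitwise complement (constructed encoding). */
typedef struct { uint32_t value; uint32_t complement; } fuse_word_t;
/* Read callback so the simulation below can inject a transient fault. */
typedef fuse_word_t (*fuse_read_fn)(unsigned index, void *ctx);

/* Transfer one fuse word into its shadow register: every copy must match its
 * complement, all copies must agree, and the written shadow is read back. */
uint32_t load_shadow(unsigned index, fuse_read_fn read, void *ctx,
                     volatile uint32_t *shadow)
{
    fuse_word_t r[N_READS];
    for (unsigned i = 0; i < N_READS; i++) r[i] = read(index, ctx);
    for (unsigned i = 0; i < N_READS; i++) {
        if ((r[i].value ^ r[i].complement) != 0xFFFFFFFFu) return SHADOW_FAIL;
        if (r[i].value != r[0].value) return SHADOW_FAIL;
    }
    *shadow = r[0].value;
    if (*shadow != r[0].value) return SHADOW_FAIL;   /* read-back check */
    return SHADOW_OK;
}

/* Constructed fuse bank: bit 0 of word 0 = "debug port locked". The
 * simulator flips that bit on the read whose counter equals glitch_at. */
typedef struct { fuse_word_t bank[1]; int glitch_at; int counter; } sim_t;
static fuse_word_t sim_read(unsigned index, void *ctx)
{
    sim_t *s = (sim_t *)ctx;
    fuse_word_t w = s->bank[index];
    if (s->counter++ == s->glitch_at) w.value ^= 0x1u;
    return w;
}

/* Boot-time transfer; glitch_at < 0 means no fault. Returns the status and,
 * through shadow_out, the shadow register contents (0 when rejected). */
uint32_t boot_transfer(int glitch_at, uint32_t *shadow_out)
{
    sim_t s = { { { 0x00000001u, 0xFFFFFFFEu } }, glitch_at, 0 };
    volatile uint32_t shadow = 0;
    uint32_t st = load_shadow(0, sim_read, &s, &shadow);
    if (shadow_out) *shadow_out = shadow;
    return st;
}
/* Shadow contents left after a transfer (0 when the transfer was rejected). */
uint32_t boot_shadow(int glitch_at) { uint32_t v; boot_transfer(glitch_at, &v); return v; }
```

The status codes and the rejected-transfer path are the parts a real boot ROM would act on, for example by halting or falling back to the most restrictive protection state rather than continuing with an unverified shadow register.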

Mitigations & Prevention

Phases: Architecture and Design; Implementation

Real-World CVE Examples

CVE ID: CVE-2020-27211
Description: Chain: microcontroller system-on-chip uses a register value stored in flash to set product protection state on the memory bus and does not contain protection against fault injection (CWE-1319) which l

Frequently Asked Questions

What is CWE-1319?

CWE-1319 (Improper Protection against Electromagnetic Fault Injection (EM-FI)) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The device is susceptible to electromagnetic fault injection attacks, causing device internal information to be compromised or security mechanisms to be bypassed.

How can CWE-1319 be exploited?

Attackers can exploit CWE-1319 (Improper Protection against Electromagnetic Fault Injection (EM-FI)) to modify memory, read memory, gain privileges or assume identity, bypass protection mechanisms, or execute unauthorized code or commands. This weakness is typically introduced during the Architecture and Design and Implementation phases of development.

How do I prevent CWE-1319?

Key mitigations include:

What is the severity of CWE-1319?

CWE-1319 is classified as a Base-level weakness (Medium abstraction). It has been observed in 1 real-world CVE.