Quick Overview: Hardware Security Vulnerabilities

Community working in the field of hardware security lists out of the most found vulnerabilities in hardware. Individuals involved in the community are from academia, industry, and government agencies. The main reason for publishing vulnerabilities is to enhance awareness among professionals in hardware design, manufacturing, research, and security domains.

The 2021 CWE Most Important Hardware Vulnerabilities

CWE-1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC)

If shared resources on SoC are not isolated properly, this weakness may arise. As the number of pins is limited, pins may be configured for multiple tasks. Hence, sometimes untrusted agents may have access to resources that should have access to only trusted agents.

This vulnerability will be detected using dynamic analysis by verifying each system resource (e.g. control register) mapping with trusted and untrusted agents.

CWE-1191 On-Chip Debug and Test Interface With Improper Access Control

This vulnerability allows attackers to access the internals of the device by accessing enabled test interfaces such as JTAG. If proper authentication is not enabled or the test interface is not disabled, an attacker may use a different hardware hacking tool (e.g. JTAGugator) to access those interfaces and extract sensitive information including firmware.

Sometimes developers choose to hide debug and test interfaces by following a principle of security by obscurity. This is not a recommended practice to achieve security by hiding on-chip debug and test interfaces.

CWE-1231 Improper Prevention of Lock Bit Modification

Lock bit is used for the prevention of restricting access addresses, registers, etc. but if methods used for prevention are not effective, an attacker may unlock the bit.

CWE-1233 Security-Sensitive Hardware Controls with Missing Lock Bit Protection

CWE-1240 Use of a Cryptographic Primitive with a Risky Implementation

This vulnerability arises when developers use home-developed cryptographic implements in the device. It is recommended to use well-tested implementation of cryptographic implementation such as FIPS.

CWE-1244 Internal Asset Exposed to Unsafe Debug Access Level or State

CWE-1256 Improper Restriction of Software Interfaces to Hardware Features

This type of vulnerability arises when a change in software configurations results in changes in hardware memory or register bits or emission of side channels.

CWE-1260 Improper Handling of Overlap Between Protected Memory Ranges

CWE-1272 Sensitive Information Uncleared Before Debug/Power State Transition

CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code

CWE-1277 Firmware Not Updateable

Sometimes firmware is not updatable for fixing operational and security issues. This type of vulnerability exposes customers permanently until that device is removed from the system.

CWE-1300 Improper Protection of Physical Side Channels

Physical Side Channel attacks are used to break cryptographic implementations used in hardware devices. This type of attack takes advantage of residual emission of energy in the form of electromagnetic emission, acoustic, and power.

Reference

https://cwe.mitre.org/data/definitions/1343.html