Incorrect Selection of Fuse Values

Draft Base

Structure: Simple

Description

This vulnerability occurs when a hardware security fuse is incorrectly programmed to represent a 'secure' state as logic 0 (unblown). An attacker can permanently force the system into an insecure mode simply by blowing the fuse, which flips its value to logic 1.

Extended Description

Hardware fuses are commonly used for one-time programmable (OTP) memory to store secrets or security settings. By design, an unblown fuse reads as a logic 0, while blowing it changes the reading to a logic 1. The security flaw arises when the system's firmware or logic gates are configured with negative logic, interpreting a blown fuse (logic 1) as a command to disable security protections. Since fuses are irreversible, an attacker's single action of blowing the targeted fuse can permanently lock the device into a compromised state. This highlights a critical design error: the secure condition must be represented by the blown (logic 1) state, not the unblown state, to prevent an attacker from easily overriding security by manipulating the fuse.

Common Consequences 4

Scope: Access ControlAuthorization

Impact: Bypass Protection MechanismGain Privileges or Assume Identity

Scope: Availability

Impact: DoS: Crash, Exit, or Restart

Scope: Confidentiality

Impact: Read Memory

Scope: Integrity

Impact: Modify MemoryExecute Unauthorized Code or Commands

Potential Mitigations 1

Phase: Architecture and Design

Logic should be designed in a way that blown fuses do not put the product into an insecure state that can be leveraged by an attacker.

Demonstrative Examples 1

A chip implements a secure boot and uses the sensed value of a fuse "do_secure_boot" to determine whether to perform a secure boot or not. If this fuse value is "0", the system performs secure boot. Otherwise, it does not perform secure boot. An attacker blows the "do_secure_boot" fuse to "1". After reset, the attacker loads a custom bootloader, and, since the fuse value is now "1", the system does not perform secure boot, and the attacker can execute their custom firmware image. Since by default, a fuse-configuration value is a "0", an attacker can blow it to a "1" with inexpensive hardware. If the logic is reversed, an attacker cannot easily reset the fuse. Note that, with specialized and expensive equipment, an attacker with full physical access might be able to "unblow" the fuse value to a "0".

References 1

Security Failures in Secure Devices

Christopher Tarnovsky

https://www.blackhat.com/presentations/bh-europe-08/Tarnovsky/Presentation/bh-eu-08-tarnovsky.pdf

ID: REF-1080

Applicable Platforms

Languages:

Not Language-Specific : Undetermined

Technologies:

Not Technology-Specific : Undetermined

Modes of Introduction

Architecture and Design

Implementation

Related Attack Patterns

74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Related Weaknesses

ChildOf:

Protection Mechanism Failure (CWE-693)

Notes

MaintenanceThis entry is still under development and will continue to see updates and content improvements.