Insufficient or Incomplete Data Removal within Hardware Component

Incomplete Base
Structure: Simple
Description

The product's data removal process fails to completely erase all data from hardware components, potentially leaving sensitive information behind.

Extended Description

When you delete data from hardware, physical properties of the device can cause information to persist—a problem known as data remanence. For example, magnetic media can retain traces of old data, residual electrical charge can linger in memory chips (ROM/RAM), and screen burn-in can preserve visual information, even after standard erasure and power removal. This happens because repeatedly writing the same value to a memory location can physically alter the cells. Even after overwriting, these minute physical changes allow the original data to be recovered through specialized analysis. Essentially, the hardware itself remembers more than your software commands it to forget, creating a security risk where supposedly deleted data remains accessible.

Common Consequences 1
Scope: Confidentiality

Impact: Read Memory; Read Application Data

Potential Mitigations 2
Phase: Architecture and Design
Apply blinding or masking techniques to implementations of cryptographic algorithms.
Phase: Implementation
Alter the method of erasure, add protection of media, or destroy the media to protect the data.
Observed Examples 1
CVE-2019-8575: Firmware data deletion vulnerability in which a base station factory reset might not delete all user information. As a result, a new owner of a used device that has been "factory-default reset" with a vulnerable firmware version can still retrieve, at least, the previous owner's wireless network name and the previous owner's wireless security (such as WPA2) key. This issue was addressed with improved data deletion.
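A post-reset verification check for the failure described in the observed example, added here as an illustration and not taken from the CWE entry or any vendor's tooling: provision the device with known canary values, run the factory reset, dump the storage, and scan the dump for every encoding of the canaries. The canary strings, the image layout and the function names are constructed assumptions. The scan only finds logical residue in a readable dump, not the physical remanence covered in the Extended Description.

```python
import base64

# Constructed canary values a test rig would provision before the factory reset.
CANARIES = {"ssid": "CANARY-SSID-7f3a", "wpa2_key": "canary-psk-91c4e2"}

def encodings(secret: str) -> dict[str, bytes]:
    """Byte forms in which firmware commonly stores a configuration string."""
    raw = secret.encode("utf-8")
    return {
        "utf-8": raw,
        "utf-16le": secret.encode("utf-16-le"),
        "hex": raw.hex().encode("ascii"),
        "hex-upper": raw.hex().upper().encode("ascii"),
        # Only matches when the secret starts a base64-encoded field.
        "base64": base64.b64encode(raw),
    }

def find_residue(image: bytes, canaries: dict[str, str]) -> list[tuple[str, str, int]]:
    """Return (canary name, encoding, offset) for each canary copy left in the dump."""
    hits = []
    for name, secret in canaries.items():
        for enc, needle in encodings(secret).items():
            pos = image.find(needle)
            while pos != -1:
                hits.append((name, enc, pos))
                pos = image.find(needle, pos + 1)
    return hits

def build_sample_image() -> bytes:
    """Constructed 4 KiB dump: active config erased to 0xFF, two stale copies remain."""
    image = bytearray(b"\xff" * 4096)
    stale_ssid = b"ssid=" + CANARIES["ssid"].encode("utf-8")   # e.g. an old log record
    image[0x800:0x800 + len(stale_ssid)] = stale_ssid
    stale_key = CANARIES["wpa2_key"].encode("utf-16-le")      # e.g. a backup config slot
    image[0xC00:0xC00 + len(stale_key)] = stale_key
    return bytes(image)

if __name__ == "__main__":
    residue = find_residue(build_sample_image(), CANARIES)
    for name, enc, offset in residue:
        print(f"FAIL: {name} still present as {enc} at offset {offset:#x}")
    if not residue:
        print("PASS: no canary residue found")
```

Run against a dump of every partition, including spare, backup and log areas, since a reset that only clears the active configuration passes a scan limited to that region.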
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Technologies:
Not Technology-Specific : Undetermined
Modes of Introduction
Implementation
Notes
Maintenance: This entry is still under development and will continue to see updates and content improvements.