Improper Handling of Physical or Environmental Conditions

Incomplete Class
Structure: Simple
Description

This weakness occurs when a hardware device fails to manage unexpected physical or environmental situations, whether they happen naturally or are deliberately caused by an attacker. These conditions can force the hardware into an insecure state.

Extended Description

Hardware is designed to operate reliably within specific physical and environmental limits. When it encounters conditions outside this range—like extreme temperatures, power spikes, or electromagnetic interference—its behavior can become unpredictable and insecure. An attacker can artificially create these conditions to induce faults, such as flipping a critical bit used for authentication or bypassing a security check. Common threats include extreme temperatures, electromagnetic interference (EMI), unexpected light sources (lasers, UV), power anomalies (over/under-voltage), clock manipulation (glitching), component aging, and exposure to radiation. Since hardware often can't control its external environment, developers must design systems to either withstand these stresses or fail securely without compromising security controls.

Common Consequences
Scope: Confidentiality, Integrity, Availability

Impact: Varies by Context, Unexpected State

Consequences of this weakness are highly dependent on the role of affected components within the larger product.

Potential Mitigations
Phase: Requirements
In requirements, be specific about expectations for how the product will perform when it exceeds physical and environmental boundary conditions, e.g., by shutting down.
Phase: Architecture and Design, Implementation
Where possible, include independent components that can detect excess environmental conditions and have the capability to shut down the product.
Phase: Architecture and Design, Implementation
Where possible, use shielding or other materials that can increase the adversary's workload and reduce the likelihood of being able to successfully trigger a security-related failure.
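
The detect-and-shut-down behaviour described in the first two mitigations, sketched as firmware-side decision logic. This is an added example, not part of the original entry: the sensor fields, limit values, state constants and function names are all hypothetical, and in a real product the detector would be an independent hardware component rather than code on the protected core.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed encodings: bitwise complements, so a fault would have to
 * flip all 32 bits to turn one valid state into the other. */
#define ENV_OK      0x5AA5C33Cu
#define ENV_TRIPPED 0xA55A3CC3u

typedef struct { int32_t min, max; } env_limit_t;
typedef struct { env_limit_t temp_c, vdd_mv, clk_khz; } env_envelope_t;
typedef struct { int32_t temp_c, vdd_mv, clk_khz; } env_sample_t;
typedef struct { volatile uint32_t state; } env_monitor_t;

static int in_range(int32_t v, env_limit_t l) { return v >= l.min && v <= l.max; }
void env_init(env_monitor_t *m) { m->state = ENV_OK; }

/* Feed one sensor sample. Any out-of-envelope reading trips the monitor,
 * and any state other than ENV_OK (tripped or corrupted) stays tripped. */
void env_update(env_monitor_t *m, const env_envelope_t *e, const env_sample_t *s)
{
    if (m->state != ENV_OK ||
        !in_range(s->temp_c, e->temp_c) ||
        !in_range(s->vdd_mv, e->vdd_mv) ||
        !in_range(s->clk_khz, e->clk_khz))
        m->state = ENV_TRIPPED;
}

/* Gate for security-sensitive operations: allowed only if two separate
 * reads both match ENV_OK exactly; every other value fails closed. */
int env_operation_allowed(const env_monitor_t *m)
{
    uint32_t first = m->state;
    uint32_t second = m->state;   /* volatile forces a second read */
    if (first != ENV_OK) return 0;
    if ((second ^ ENV_OK) != 0u) return 0;
    return 1;
}

int main(void)
{
    /* Constructed limits and samples, not taken from any datasheet. */
    env_envelope_t env = { {-40, 85}, {1710, 3600}, {47000, 49000} };
    env_sample_t nominal = {25, 3300, 48000}, undervolt = {25, 1200, 48000};
    env_monitor_t mon;
    env_init(&mon);
    env_update(&mon, &env, &nominal);
    printf("nominal: allowed=%d\n", env_operation_allowed(&mon));
    env_update(&mon, &env, &undervolt);
    env_update(&mon, &env, &nominal);   /* conditions recover, latch holds */
    printf("after undervoltage: allowed=%d\n", env_operation_allowed(&mon));
    return 0;
}
```

The latch is deliberate: once tripped, only `env_init` (standing in for a full reset) clears it, so an attacker cannot restore normal operation simply by returning the supply or clock to nominal.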
Observed Examples
CVE-2019-17391: Lack of anti-glitch protections allows an attacker to launch a physical attack to bypass the secure boot and read protected eFuses.
References
REF-1248: Securing Energy Infrastructure Executive Task Force (SEI ETF). "Categories of Security Vulnerabilities in ICS". 09-03-2022.
REF-1255: Sergei P. Skorobogatov. "Semi-invasive attacks - A new approach to hardware security analysis". 04-2005.
REF-1285: Texas Instruments. "Physical Security Attacks Against Silicon Devices". 31-01-2022.
REF-1286: Lennert Wouters, Benedikt Gierlichs, and Bart Preneel. "On The Susceptibility of Texas Instruments SimpleLink Platform Microcontrollers to Non-Invasive Physical Attacks". 14-03-2022.
Applicable Platforms
Technologies:
System on Chip: Undetermined
ICS/OT: Undetermined
Modes of Introduction
Architecture and Design
Manufacturing