Insufficient or Incomplete Data Removal within Hardware Component

Incomplete Base

Structure: Simple

Description

The product's data removal process does not completely delete all data and potentially sensitive information within hardware components.

Extended Description

Physical properties of hardware devices, such as remanence of magnetic media, residual charge of ROMs/RAMs, or screen burn-in may still retain sensitive data after a data removal process has taken place and power is removed. Recovering data after erasure or overwriting is possible due to a phenomenon called data remanence. For example, if the same value is written repeatedly to a memory location, the corresponding memory cells can become physically altered to a degree such that even after the original data is erased that data can still be recovered through physical characterization of the memory cells.

Common Consequences 1

Scope: Confidentiality

Impact: Read MemoryRead Application Data

Potential Mitigations 2

Phase: Architecture and Design

Apply blinding or masking techniques to implementations of cryptographic algorithms.

Phase: Implementation

Alter the method of erasure, add protection of media, or destroy the media to protect the data.

Observed Examples 1

CVE-2019-8575Firmware Data Deletion Vulnerability in which a base station factory reset might not delete all user information. The impact of this enables a new owner of a used device that has been "factory-default reset" with a vulnerable firmware version can still retrieve, at least, the previous owner's wireless network name, and the previous owner's wireless security (such as WPA2) key. This issue was addressed with improved, data deletion.

References 5

Introduction to differential power analysis and related attacks

Paul Kocher, Joshua Jaffe, and Benjamin Jun

1998

https://www.rambus.com/wp-content/uploads/2015/08/DPATechInfo.pdf

ID: REF-1117

The EM Side-Channel(s)

Dakshi Agrawal, Bruce Archambeault, Josyula R. Rao, and Pankaj Rohatgi

24-08-2007

https://link.springer.com/content/pdf/10.1007/3-540-36400-5_4.pdf(2023-04-07)

ID: REF-1118

RSA key extraction via low-bandwidth acoustic cryptanalysis

Daniel Genkin, Adi Shamir, and Eran Tromer

13-06-2014

https://www.iacr.org/archive/crypto2014/86160149/86160149.pdf

ID: REF-1119

Power Analysis for Cheapskates

Colin O'Flynn

24-01-2013

https://media.blackhat.com/eu-13/briefings/OFlynn/bh-eu-13-for-cheapstakes-oflynn-wp.pdf

ID: REF-1120

Data Remanence in Semiconductor Devices

Peter Gutmann

10th USENIX Security Symposium

08-2001

https://www.usenix.org/legacy/events/sec01/full_papers/gutmann/gutmann.pdf

ID: REF-1055

Applicable Platforms

Languages:

Not Language-Specific : Undetermined

Technologies:

Not Technology-Specific : Undetermined

Modes of Introduction

Implementation

Related Attack Patterns

37
Path Traversal: '/absolute/pathname/here'

Related Weaknesses

ChildOf:

Sensitive Information in Resource Not Removed Before Reuse (CWE-226)

Notes

MaintenanceThis entry is still under development and will continue to see updates and content improvements.