Improper Handling of Physical or Environmental Conditions

Incomplete Class
Structure: Simple
Description

The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced.

Extended Description

Hardware products are typically only guaranteed to behave correctly within certain physical limits or environmental conditions. Such products cannot necessarily control the physical or external conditions to which they are subjected. However, the inability to handle such conditions can undermine a product's security. For example, an unexpected physical or environmental condition may cause the flipping of a bit that is used for an authentication decision. This unexpected condition could occur naturally or be induced artificially by an adversary.

Physical or environmental conditions of concern are:

- **Atmospheric characteristics:** extreme temperature ranges, etc.
- **Interference:** electromagnetic interference (EMI), radio frequency interference (RFI), etc.
- **Assorted light sources:** white light, ultra-violet light (UV), lasers, infrared (IR), etc.
- **Power variances:** under-voltages, over-voltages, under-current, over-current, etc.
- **Clock variances:** glitching, overclocking, clock stretching, etc.
- **Component aging and degradation**
- **Materials manipulation:** focused ion beams (FIB), etc.
- **Exposure to radiation:** x-rays, cosmic radiation, etc.
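The bit-flip scenario from the Extended Description, as an added example that is not part of this entry: a one-byte authentication flag beside a redundantly encoded state that fails closed when a stored bit changes. The codeword values, type and function names, and the single-bit fault model are assumptions made for this illustration; the encoding is a common firmware hardening technique, not a mitigation listed by the entry.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed codewords: bitwise complements, Hamming distance 32. */
#define AUTH_GRANTED 0x3CA5965AU
#define AUTH_DENIED  0xC35A69A5U
typedef enum { DENY, ALLOW, FAULT } decision_t;
typedef struct { uint32_t value, inverse; } auth_state_t;
/* Weak form: any nonzero byte grants access, so one flipped bit is enough. */
static decision_t weak_decide(uint8_t flag) { return flag ? ALLOW : DENY; }

/* Hardened form: store the codeword together with its complement. */
static auth_state_t auth_store(bool ok) {
    uint32_t v = ok ? AUTH_GRANTED : AUTH_DENIED;
    return (auth_state_t){ v, ~v };
}

/* Fail closed: a broken complement or an unknown codeword is a fault. */
static decision_t hardened_decide(const volatile auth_state_t *s) {
    uint32_t v = s->value, inv = s->inverse;
    if ((v ^ inv) != 0xFFFFFFFFU) return FAULT;
    if (v == AUTH_DENIED) return DENY;
    if (v != AUTH_GRANTED) return FAULT;
    /* Re-read before granting so one corrupted read is not sufficient. */
    return (s->value == AUTH_GRANTED) ? ALLOW : FAULT;
}

/* Fault model (assumption): one stored bit flips while the state is "denied". */
static int weak_bypasses(void) {
    int n = 0;
    for (int b = 0; b < 8; b++)
        n += weak_decide((uint8_t)(1u << b)) == ALLOW;
    return n;
}
static int hardened_bypasses(void) {
    int n = 0;
    for (int b = 0; b < 64; b++) {
        auth_state_t s = auth_store(false);
        if (b < 32) s.value ^= 1u << b; else s.inverse ^= 1u << (b - 32);
        n += hardened_decide(&s) == ALLOW;
    }
    return n;
}

int main(void) {
    printf("grants after one flip: weak %d/8, hardened %d/64\n", weak_bypasses(), hardened_bypasses());
    return 0;
}
```

A `FAULT` result is the point at which firmware would take the action the requirements specify, such as shutting down.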

Common Consequences
Scope: Confidentiality, Integrity, Availability

Impact: Varies by Context, Unexpected State

Consequences of this weakness are highly dependent on the role of affected components within the larger product.

Potential Mitigations
Phase: Requirements
In requirements, be specific about expectations for how the product will perform when it exceeds physical and environmental boundary conditions, e.g., by shutting down.
Phase: Architecture and Design, Implementation
Where possible, include independent components that can detect excess environmental conditions and have the capability to shut down the product.
Phase: Architecture and Design, Implementation
Where possible, use shielding or other materials that can increase the adversary's workload and reduce the likelihood of being able to successfully trigger a security-related failure.
Observed Examples
CVE-2019-17391: Lack of anti-glitch protections allows an attacker to launch a physical attack to bypass the secure boot and read protected eFuses.
Applicable Platforms
Technologies:
System on Chip: Undetermined
ICS/OT: Undetermined
Modes of Introduction
Architecture and Design
Manufacturing