CAPEC-624
Description
The adversary uses disruptive signals or events, or alters the physical environment a device operates in, to cause faulty behavior in electronic devices. This can include electromagnetic pulses, laser pulses, clock glitches, ambient temperature extremes, and more. When performed in a controlled manner on devices performing cryptographic operations, this faulty behavior can be exploited to derive secret key information.
Prerequisites
Physical access to the system
The adversary must be cognizant of where fault injection vulnerabilities exist in the system in order to leverage them for exploitation.
Mitigations
Implement robust physical security countermeasures and monitoring.
Skills Required
[High] Adversaries require non-trivial technical skills to create and implement fault injection attacks. Although this style of attack has become easier (commercial equipment and training classes are available to perform these attacks), they usual require significant setup and experimentation time during which physical access to the device is required.