tid-101
Vulnerability from emb3d
Type
hardware
Link
Show details on source website
Description

Devices will oftentimes consume variable amounts of power depending on the operations the device is performing. Power consumption analysis involves the reading and analyzing of power usage of a device. If a device is vulnerable to a power consumption analysis attack, it may be possible to extract or deduce information about the operating state of the device. This can include extracting secrets/keys, discovering operations conducted on sections of memory, and device control flow. A threat actor can therefore physically monitor the power consumption of a device during an execution of a cryptographic operation to create a trace of its power usage over time. By leveraging the understanding of the operations of common cryptographic properties, the power usage traces can be used to infer various information, such as the cryptographic keys.

CWE
  • CWE-1300: Improper Protection of Physical Side Channels (Base)
  • CWE-1255: Comparison Logic is Vulnerable to Power Side-Channel Attacks (Variant)


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.