Everyone in the security field knows OWASP's Top 10 of the most dangerous gaps in web applications. The Common Weakness Enumeration (CWE) community program has now compiled a list of the most serious vulnerabilities in hardware. It starts with devices whose firmware cannot be updated.
As with the Top 25 software bugs published in July, the goal of the list is to be an eye opener for hardware gaps and to create awareness so that weak points are avoided at the source. It is designed to enable researchers and test engineers to conduct security tests and evaluations. The list entries give relevant examples and show how to prevent the resulting security gap.
Twelve common mistakes
The list for 2021 contains twelve common errors that endanger hardware security. Unlike the top-X lists mentioned above, however, the hardware issues are not weighted but sorted by their CWE number. First comes a common problem for applying bug fixes: firmware that cannot be updated (CWE-1277).
Less obvious, but worse for protected sensitive keys, for example, is the manipulation of lock bits that guard writing or unlocking (CWE-1231). This way, data that is actually protected can later be read or modified. Inadequate protection against physical side channels also appears to be a frequent problem (CWE-1300).
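The lock-bit weakness (CWE-1231) mentioned above, as an added C model that is not part of the original article or of the CWE entry: a flawed register write path that lets the lock bit be cleared, next to a hardened one where the bit stays set until reset. The register layout, all names and the reset behaviour are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed software model of a lock-protected register pair. */
#define LOCK_BIT 0x1u
#define PROVISIONED 0xA5A5A5A5u          /* constructed sample value */

typedef struct {
    uint32_t ctrl;                       /* bit 0 = lock bit (assumed layout) */
    uint32_t secret;                     /* value the lock is meant to protect */
} regs_t;

typedef enum { REG_CTRL, REG_SECRET } reg_id;
typedef bool (*write_fn)(regs_t *, reg_id, uint32_t);

static void hw_reset(regs_t *r) { r->ctrl = 0; r->secret = 0; }

/* Flawed: the control register is always writable, so the lock bit
   can simply be written back to 0 after it was set. */
static bool write_flawed(regs_t *r, reg_id id, uint32_t v) {
    if (id == REG_CTRL) { r->ctrl = v; return true; }
    if (r->ctrl & LOCK_BIT) return false;
    r->secret = v;
    return true;
}

/* Hardened: once the lock bit is set, every write is rejected,
   including writes to the control register; only hw_reset() clears it. */
static bool write_hardened(regs_t *r, reg_id id, uint32_t v) {
    if (r->ctrl & LOCK_BIT) return false;
    if (id == REG_CTRL) r->ctrl = v; else r->secret = v;
    return true;
}

/* Replays one sequence against a write path: provision, lock, then a
   later attempt to clear the lock and overwrite the protected value.
   Returns true if the value and the lock both survive. */
static bool lock_holds(write_fn w) {
    regs_t r;
    hw_reset(&r);
    w(&r, REG_SECRET, PROVISIONED);      /* trusted boot code provisions */
    w(&r, REG_CTRL, LOCK_BIT);           /* ...and sets the lock */
    w(&r, REG_CTRL, 0);                  /* later write tries to clear it */
    w(&r, REG_SECRET, 0);                /* ...and to overwrite the value */
    return r.secret == PROVISIONED && (r.ctrl & LOCK_BIT) != 0;
}

int main(void) {
    return (!lock_holds(write_flawed) && lock_holds(write_hardened)) ? 0 : 1;
}
```

The same replay sequence works as a regression check in a register-level testbench: any write path for which `lock_holds` returns false allows the protected value to be changed after locking.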
Anyone involved in hardware development should look at the other entries as well. There are various ways to inadvertently undermine hardware security. The current CWE list provides valuable information on how to make your own development more secure from the ground up.