Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques

CVE-2021-38394

Medium

6.2/10

Summary

An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted.

Attack Complexity: HIGH
Attack Vector: PHYSICAL
Integrity Impact: HIGH
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-1278 - Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques

Information stored in hardware may be recovered by an attacker with the capability to capture and analyze images of the integrated circuit using techniques such as scanning electron microscopy.

References

Advisory Timeline

Published Oct 04, 2021

Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques

CVE-2021-38394

Summary

CWE-1278 - Missing Protection Against Hardware Reverse Engineering Using Integrated Circuit (IC) Imaging Techniques

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS