The non-profit organization MITRE has published a list of the most dangerous vulnerabilities in programming, design, and architecture that will affect hardware in 2021. These weaknesses are found in hardware programming and design leading to exploitable vulnerabilities and exposing systems to cyberattacks.
This list is the result of the joint work of the organization within the Hardware CWE Special Interest Group (SIG), a group of professionals from hardware design, manufacturing, research, security, academia and government.
The following list gives an insight into the ten most dangerous hardware security vulnerabilities out of 96 hardware entries in the CWE corpus.
| CWE-1189 | Improper Isolation of Shared Resources on System-on-a-Chip (SoC) |
| CWE-1191 | On-Chip Debug and Test Interface With Improper Access Control |
| CWE-1231 | Improper Prevention of Lock Bit Modification |
| CWE-1233 | Security-Sensitive Hardware Controls with Missing Lock Bit Protection |
| CWE-1240 | Use of a Cryptographic Primitive with a Risky Implementation |
| CWE-1244 | Internal Asset Exposed to Unsafe Debug Access Level or State |
| CWE-1256 | Improper Restriction of Software Interfaces to Hardware Features |
| CWE-1260 | Improper Handling of Overlap Between Protected Memory Ranges |
| CWE-1272 | Sensitive Information Uncleared Before Debug/Power State Transition |
| CWE-1274 | Improper Access Control for Volatile Memory Containing Boot Code |
| CWE-1277 | Firmware Not Updateable |
| CWE-1300 | Improper Protection of Physical Side Channels |
The list also aims to prevent hardware security problems at the source by educating programmers and designers on how to eliminate critical bugs early in the product development lifecycle.
In addition, test engineers and safety analysts may also consider the list useful in preparing for safety tests and evaluation plans.
For more information, read the original story in BleepingComputer.