Hardware Weaknesses of 2021

First CWE Security Report Highlights the “Most Important Hardware Weaknesses” of 2021 has been released.

“The goals for the 2021 Hardware List are to drive awareness of common hardware weaknesses through CWE, and to prevent hardware security issues at the source by educating designers and programmers on how to eliminate important mistakes early in the product development lifecycle,”

The Hardware CWE Special Interest Group (SIG) formed in 2020 is a a community forum for individuals representing organizations within hardware design, manufacturing, research, and security domains, as well as academia and government.

Hardware CWE Special Interest Group (SIG) has just released the first Most Important Hardware Weaknesses report on the MITRE Common Weakness Enumeration (CWE) site at https://cwe.mitre.org/scoring/lists/2021_CWE_MIHW.html.

The report offers a look at the top 12 issues surrounding hardware security in 2021. The report goes through the 12 weaknesses of biggest concern — and highlights an additional five that didn’t quite make the cut. Security analysts and test engineers can use the list in preparing plans for security testing and evaluation. Managers and CIOs can use the list as a measuring stick of progress in their efforts to secure their hardware.

The 12 issues rated as most important in the report are: Improper Isolation of Shared Resources on System-on-a-Chip (SoC); On-Chip Debug and Test Interface With Improper Access Control; Improper Prevention of Lock Bit Modification; Security-Sensitive Hardware Controls with Missing Lock Bit Protection; Use of a Cryptographic Primitive with a Risky Implementation; Internal Asset Exposed to Unsafe Debug Access Level or State; Improper Restriction of Software Interfaces to Hardware Features; Improper Handling of Overlap Between Protected Memory Ranges; Sensitive Information Uncleared Before Debug/Power State Transition; Improper Access Control for Volatile Memory Containing Boot Code; Firmware Not Updateable; and Improper Protection of Physical Side Channels.

Sources:
https://www.hackster.io/news/cwe-security-report-highlights-the-most-important-hardware-weaknesses-of-2021-3b72fea9616e
https://heimdalsecurity.com/blog/most-dangerous-hardware-vulnerabilities-in-2021/
https://www.itpro.com/hardware/361437/mitre-reveals-10-worst-hardware-security-weaknesses-in-2021
https://cwe.mitre.org/scoring/lists/2021_CWE_MIHW.html

0 Comments

Be the first to post a comment.

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*