TID-118: Weak Peripheral Port Electrical Damage Protection
Threat Description
If a threat actor has physical access to a device, they may be able to cause physical damage to the circuit board of a device, in some cases even destroying the device. A malicious actor may short circuit or introduce out-of-spec voltages and currents to pins on external connectors. This can lead to effects as mild as interrupting device functionality, by causing crashes or reboots, or as significant as corrupting data, corrupting firmware, or permanent hardware damage. Depending on how robust the hardware design is, physical damage may be limited to a single affected peripheral port or as extensive as destroying the entire device.
Threat Maturity and Evidence
Known Exploitable Weakness
USBKILL
“The USBKill is a device that stress tests hardware. When plugged in power is taken from a USB-Port, multiplied, and discharged into the data-lines, typically disabling an unprotected device.”
CWE
CWE-1384: Improper Handling of Physical or Environmental Conditions
“The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced.”