Selecting a strong cryptographic algorithm makes no sense if the information leaks out of the device through sidechannels. Sensitive information, such as secret keys, can be obtained by observing the power consumption, the electromagnetic radiation, etc. This class of attacks are called side-channel attacks. Another type of attacks, namely fault attacks, reveal secret information by inserting faults into the device. Because both side-channel attacks and fault attacks are based on weaknesses in the implementation, they both belong to the category of implementation attacks. This work gives an overview of the state-of-the-art in implementation attacks, reviews the origin of this problem at the CMOS circuit level and discusses countermeasures.