Master the art of Fault Injection

Why we consider Fault Injection to be the next generation security threat?

Logical attacks are the number one threat for any secure embedded system. If you are developing hardware or software for an IoT appliance, router, mobile phone, car or even a space station, you have to develop secure code and follow universally accepted standards like  rely on secure coding standards like Microsoft’s Security Development Lifecycle or consult the knowledge base of common security weaknesses like the CWE by MITRE.

With the improvement of software security, adversaries will inevitably start looking for new ways to attack devices, in their pursuit to steal private data, intellectual property and compromise target infrastructure in general. Fault Injection is a physical attack on the data and behavior of an Integrated Circuit (IC). This means, Fault Injection is a physical attack on the logic with the goal to bypass secure boot mechanisms, extract a secret key, disrupt a program counter, and extract firmware or to manipulate any other secure asset inside an IC. Such attack is harder to implement, but often it allows to bypass protection methods entirely, with a severe impact on vendors and consumers. We believe that Fault Injection is the next logical step in the evolution of attacks, especially relevant for any embedded system developer.

Examples of attacks that utilize Fault Injection

• Bypassing Secure Boot
• Bypassing the security mechanisms in a gaming console (Sony Playstation Vita) – an external research by Yifan Lu
• Applying electromagnetic pulses to hack a casino slot machine – a 2014 article in Wired magazine
• Using fault injection attack to bypass the security of a crypto wallet – a research by Riscure’s expert Sergei Volokitin
• Fault Injection vulnerability in ESP32 IoT System-On-Chip that leads to arbitrary code execution – discovered by Riscure

The easiest example of a Fault Injection is an attack is a voltage drop. If a device, or a specific chip normally needs 3.3 volts from a power supply, what could happen if during a sensitive operation (e.g. checking your PIN) we drop it to 2.2v more, or less? A few things can happen, either the devices continues working, or it mutes and needs to be reset, or even worse it breaks. But with the right timing it skips the verification and gives access to something normally not allowed, for example your bitcoin wallet data. This is what we would describe as a successful glitch. In general we say at Riscure: Every unprotected IC is vulnerable to Fault Injection Attacks.

In the most basic way, using general-purpose hardware a fault injection attack is described in this video presentation by Riscure’s expert Rafael Boix Carpi:

It would be very hard to ‘glitch’ a computer browser or in general any ‘rich’ environment. This is why Fault Injection research is mostly focused on embedded systems: where the code base is small, the hardware to be attacked is relatively simple, hence the potential for a successful attack is higher. But any complex device, like a laptop or a smartphone, relies on a ‘simple routine’ when booting, and this is when the core security mechanisms are being established. A successful attack on a Secure Boot implementation could then be utilized to alter the firmware, circumvent the root of trust, with obvious consequences – a compromise of secure payment on a smartphone or placing a permanent backdoor on a laptop.

For many applications it is much easier to attack via a software vulnerability in a rich environment. That is the reason why hardware attacks are often perceived as low priority. We believe this needs to be changed. Software becomes more resilient and at some point adversaries will switch to more complex attacks on hardware, including Fault Injection. Compromising Secure Boot and other critical components of a system may lead to disastrous consequences, i.e. complete security compromise. It can also be used to analyze firmware to find additional vulnerabilities. Combined, an attacker is then capable of scaling the attack, affecting not only a single device, but rather the entire fleet or even the backend network infrastructure of a vendor.

The threat is real
Fault Injection is not something only a sophisticated research laboratory or some government agency can only perform. Fault Injection is increasingly accessible to adversaries with some basic electronics knowledge and time. Since many devices are not protected at all against Fault Injection, finding the needle in the haystack is not that hard. Furthermore, if a weakness has been found then it’s usually easy to reproduce.

The threat of Fault Injection in a nutshell:

• Inexpensive and can be carried out with basic tools.
• Becomes even easier with the development of open source tools.
• Easy to reproduce when you find a fault.
• Large attack surface.
• Often it takes anywhere from minutes to hours to compromise a commercial device.

Riscure has 20 years of experience in Fault Injection and is considered the expert in Fault Injection. Fault Injection can be mitigated with the proper knowledge and testing. At Riscure we offer 4 pillars of Fault Injection knowledge and testing:

• Security Training
• True Code – Code Analysis
• Inspector – Hardware Analysis
• Services – Testing and Certification

If you are interested in embedding the latest hardware security expertise in your development, feel free to get in touch with us via inforequest@riscure.com or by completing the form below.

WeLove.FI is an initiative of Riscure to educate and advocate the industry on the threat and the potential impact of Fault Injection attacks. Our purpose is to show on one side how customers can protect themselves against fault injection attacks, and on the other side demonstrate the potential of Fault Injection research as we constantly investigate new attack methods.

Join us in Twitter and LinkedIn and follow the latest developments of the WeLove.fi initiative with the hashtag #welovefi.