Home Blog Security Products Getting to know Electro-Magnetic Fault Injection

Getting to know Electro-Magnetic Fault Injection

Author: Riscure Team

Fault Injection (FI) is an attack method known for its effectiveness in identifying device security vulnerabilities. Multiple techniques can be used when applying FI, including Voltage, Laser, or Electro-Magnetic tools. These techniques can be used individually, but applying two or three of them can increase the number of identified vulnerabilities.

The Electro-Magnetic Fault Injection (EM-FI) method involves creating an electromagnetic field over the chip that could cause a change in the chip’s behavior. We can use it to try to bypass a security mechanism or retrieve encryption keys.

While exploring the surface of the chip, we try to create an effect in the chip with EM pulses. A variety of experiments can include shooting with a different number of consecutive pulses, different pulse strengths, and varying timing, covering the entire surface and testing as many different conditions as possible.

To help security test teams apply EM-FI fault injection technique, Riscure offers EM-FI transient probes, which allow performing testing in multiple steps. First, the EM-FI probe scans the surface of a chip, measuring activity. All are controlled with Riscure’s Inspector software. This scan identifies the possible points on the chip’s surface that we should explore more accurately looking for vulnerabilities. During the next phase, on areas chosen based on the measurement result, the EM-FI probe shoots electromagnetic pulses at the chip trying to change the chip’s behavior. To make testing as easy as can be, Riscure offers additional products to complete such an EM-FI test, like a precision XYZ stage to navigate the EM-FI probe over the chip surface. Furthermore, we offer a product named Spider that will take care of generating accurate glitch patterns and can be used to communicate over various protocols with the chip that needs to be tested. Riscure’s Inspector software can be used to analyze and visualize the testing results.

The effectiveness of an EM-FI test relies significantly on the capabilities of the probe. Riscure EM-FI probes are amongst the most powerful in the market, which enables security teams to identify vulnerabilities even under the most difficult scenarios. Next to that, Riscure’s new EM-FI transient probe will enable the user to vary the pulse width allowing to create more test scenarios and have a higher chance of finding critical security vulnerabilities. This new development will be especially useful for teams who work with security sensitive targets. The combination of measuring and fault injection testing with one probe, will save a lot of time and increase accuracy. We expect to release this new product later this month. Stay tuned to our product updates, and don’t forget to subscribe to our newsletter.

Share This