Safety ≠ Security
This work addresses the lack of attention paid to fault injection attacks by investigating two modern microcontroller units that carry the highest safety assurance rating (ASIL-D) of the ISO 26262 standard. The investigation covers both a theoretical characterization setup and a more realistic setup in which the debugging interfaces are targeted. The results show that the mechanisms implemented to satisfy this maximum safety rating do not adequately protect against fault injection attacks and are therefore insufficient to ensure security on their own; additional countermeasures are required. Each setup required approximately one week of preparation, but once the attacker has found the optimal fault injection parameters, the attack can be repeated in less than an hour. We give recommendations on the types of countermeasures that should be considered to improve resistance to fault injection attacks, and provide several pointers for continuing security research in this area.