Debunking Fault Injection Myths And Misconceptions
Date: 15th Oct – TuesdayTime: 10:30-11:30Location: Ballroom A
Fault injection attacks, also known as glitching attacks, are not new. They have been historically performed by specialized labs, but the availability of low-budget tooling have made them accessible to a much larger audience. An increase in fault injection research and related publications is a positive and welcome side effect. Nonetheless, even though the practical knowledge for performing such attacks is becoming more widespread, a thorough understanding of the fundamental aspects is often lagging behind.
In this talk we provide fault injection insights, potentially overlooked in presentations and likely unknown to the masses. Such insights are distilled from our experience with fault injection attacks, performed with multiple techniques on a wide-variety of devices during the last decade. In our talk we refer to public research, some of which we were involved with, for supporting our claims. A significant portion of such research is rather domain specific, not easy to find or stumble upon and therefore often not referred to and discussed by researchers. In this talk we leverage such research and share our understanding of the fault injection fundamentals with the audience. In the process, we debunk myths and clarify misconceptions. Getting such myths and misconceptions out of the way allows us to discuss and reason about new powerful attacks, which can be also be performed using affordable tooling.