Alternative Approaches for Fault Injection Countermeasures (Part 3/3)

Authors: Jeremy Boone, Sultan Qasim Khan In the previous blog post we described a set of software-based fault injection countermeasures. However, we recognize that software-based mitigations are not a silver bullet and do have several drawbacks. Though they can frustrate an attacker and reduce the reliability of an exploit attempt, a persistent attacker may possess … Continue reading Alternative Approaches for Fault Injection Countermeasures (Part 3/3)

Software-Based Fault Injection Countermeasures (Part 2/3)

Authors: Jeremy Boone, Sultan Qasim Khan  This blog post is a continuation of part 1, which introduced the concept of fault injection attacks. You can read that prior post here. When advising our clients on the matter of fault injection (FI), we are often asked how to determine whether low-level software is vulnerable, and more importantly, how … Continue reading Software-Based Fault Injection Countermeasures (Part 2/3)

An Introduction to Fault Injection (Part 1/3)

Authors: Jeremy Boone, Sultan Qasim Khan Though the techniques have existed for some time, in recent years, fault injection (FI) has emerged as an increasingly more common and accessible method of exploitation. Typically requiring physical access, an attacker can momentarily tamper with a processor’s electrical inputs (e.g., voltage or clock). By violating the safe ranges … Continue reading An Introduction to Fault Injection (Part 1/3)

There’s A Hole In Your SoC: Glitching The MediaTek BootROM

This research was conducted by our intern Ilya Zhuravlev, who has returned to school but will be rejoining our team after graduation, and was advised by Jeremy Boone of NCC Group's Hardware & Embedded Systems Practice. With the advent of affordable toolchains, such as ChipWhisperer, fault injection is no longer an attack vector that is … Continue reading There’s A Hole In Your SoC: Glitching The MediaTek BootROM

Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses

By Sultan Qasim Khan Microcontrollers commonly include features to prevent the readout of sensitive information in internal storage. Such features are commonly referred to as readback protection or readout protection. This paper describes common readback protection implementation flaws, discusses techniques that can be used to defeat readback protection, and provides guidance to implement effective readback … Continue reading Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses