EM-Fault It Yourself: Building a Replicable EMFI Setup for Desktop and Server Hardware

by   Niclas Kühnapfel, et al.

EMFI has become a popular fault injection (FI) technique due to its ability to inject faults precisely considering timing and location. Recently, ARM, RISC-V, and even x86 processing units in different packages were shown to be vulnerable to electromagnetic fault injection (EMFI) attacks. However, past publications lack a detailed description of the entire attack setup, hindering researchers and companies from easily replicating the presented attacks on their devices. In this work, we first show how to build an automated EMFI setup with high scanning resolution and good repeatability that is large enough to attack modern desktop and server CPUs. We structurally lay out all details on mechanics, hardware, and software along with this paper. Second, we use our setup to attack a deeply embedded security co-processor in modern AMD systems on a chip (SoCs), the AMD Secure Processor (AMD-SP). Using a previously published code execution exploit, we run two custom payloads on the AMD-SP that utilize the SoC to different degrees. We then visualize these fault locations on SoC photographs allowing us to reason about the SoC's components under attack. Finally, we show that the signature verification process of one of the first executed firmware parts is susceptible to EMFI attacks, undermining the security architecture of the entire SoC. To the best of our knowledge, this is the first reported EMFI attack against an AMD desktop CPU.


page 1

page 3

page 4

page 5


V0LTpwn: Attacking x86 Processor Integrity from Software

Fault-injection attacks have been proven in the past to be a reliable wa...

MAFIA: Protecting the Microarchitecture of Embedded Systems Against Fault Injection Attacks

Fault injection attacks represent an effective threat to embedded system...

PMFault: Faulting and Bricking Server CPUs through Management Interfaces

Apart from the actual CPU, modern server motherboards contain other auxi...

The Forgotten Threat of Voltage Glitching: A Case Study on Nvidia Tegra X2 SoCs

Voltage fault injection (FI) is a well-known attack technique that can b...

An End-to-End Analysis of EMFI on Bit-sliced Post-Quantum Implementations

Bit-slicing is a software implementation technique that treats an N-bit ...

Stronger and Faster Side-Channel Protections for CSIDH

CSIDH is a recent quantum-resistant primitive based on the difficulty of...

Faulting original McEliece's implementations is possible: How to mitigate this risk?

Private and public actors increasingly encounter use cases where they ne...

Please sign up or login with your details

Forgot password? Click here to reset