innovation for industry
Articles ＆ files | Focus | Article
Hardware cyberattacks using fault injection
THOR illustrates an "active" hardware attack, bypassing an embedded security mechanism to disrupt a circuit's operation.
Fault injection attacks involve creating faults in electronic circuits via external disruption. This can take place in a number of ways: optically using a laser, electromagnetically, thermally or via the clock in a synchronous circuit or the power supply voltage.
The resulting faults disrupt the circuit's operation in order to:
About the demonstration
Disruption attacks have been known about for nearly 20 years. THOR's goal is to show manufacturers a threat source that needs to be taken into account from the development stage of sensitive products. It demonstrates how a simple, affordable device (hardware costing around €20) on a miniature scale (fitting into a hand) can be used to bypass a PIN check in unprotected electronics.
THOR implements a physical attack by disrupting the power supply. The targeted system carries out a PIN check. With just a slight physical modification to the circuit, an attacker can gain access to protected functions without knowing the PIN.
CEA is a French government-funded technological research organisation in four main areas: low-carbon energies, defense and security, information technologies and health technologies. A prominent player in the European Research Area, it is involved in setting up collaborative projects with many partners around the world.