Fault attacks are traditionally considered under a threat model that assumes the device under test is in the possession of the attacker. We propose a variation on this model. In our model, the attacker integrates a fault injection circuit into a malicious field-replaceable unit, or FRU, which is later placed by the victim in close proximity to their own device. Examples of devices which incorporate FRUs include interface cards in routers, touch screens and sensor assemblies in mobile phones, ink cartridges in printers, batteries in health sensors, and so on. FRUs are often installed by after-market repair technicians without properly verifying their authenticity, and previous works have shown they can be used as vectors for various attacks on the privacy and integrity of smart devices. We design and implement a low-cost fault injection circuit suitable for placement inside a malicious FRU, and show how it can be used to practically extract secrets from a privileged system process through a combined hardware-software approach, even if the attacker software application only has user-level permissions. Our prototype produces highly effective and repeatable attacks, despite its cost being several orders of magnitude less than that of commonly used fault injection analysis lab setups. This threat model allows fault attacks to be carried out remotely, even if the device under test is in the hands of the victim. Considered together with recent advances in software-only fault attacks, we argue that resistance to fault attacks should be built into additional classes of devices.
Metal Fillers as Potential Low Cost Countermeasure against Optical Fault Injection Attacks