Electromagnetic fault injection (EMFI) is often used to exploit embedded devices, but it requires a precise selection of several parameters to be consistently successful. In our talk we will present our novel algorithm for automatically estimating the position, intensity and timing parameters for EMFI attacks, as well as the exploits we could perform by applying it to different real-world targets using different microcontroller architectures. We will show how these architectures react differently to fault injection and how it is possible to obtain code execution and JTAG uncensoring within an hour on a black-box target, with minimal hardware reverse engineering.
Enrico Pozzobon has worked as an automotive penetration tester since 2016. Together with Nils Weiss, he worked with automotive manufacturers and insurance companies to find vulnerabilities and build exploit demonstrations.
Nils Weiss is a researcher in Automotive Security with over 7 years of experience, currently spearheading dissecto GmbH, a spin-off from the Laboratory for Safe and Secure Systems (las3.de) at the University of Applied Sciences in Regensburg.
Dr. Weiss’s passion for Automotive Security was ignited during his internship at the industry giant, Tesla Motors, which eventually led him to embark on a journey toward revolutionizing the field of automotive security research. During his bachelor’s and master’s programs, he delved into the world of penetration testing and explored the vulnerabilities in entire vehicles.
In addition to his contributions towards penetration testing of automotive systems, Dr. Weiss has also been actively involved in developing open-source penetration testing frameworks for automotive systems such as the revolutionary Scapy.