Lady bird

Niek Timmers

Security Analyst at Riscure

Cristofaro Mune

Freelance Embedded Security Consultant

Niek Timmers & Cristofaro Mune

Talk title

KERNELFAULT: Pwning Linux using Hardware Fault Injection

Talk Abstract

The primary goal of this talk is demonstrating the practicality of pwning Linux using (Hardware) Fault Injection. Fault injection can be used to alter the intended behavior of software and hardware by manipulating a target's environmental conditions. A common technique, Voltage Fault Injection, works by injecting glitches in the target's power supply. Most fault injection research focuses on attacking cryptographic algorithms or smaller code bases such as secure boot. This talk shows that fault injection is also an effective method to alter the intended behavior of Linux. Multiple attack scenarios are described where privileges are escalated from Linux User space to Linux Kernel space. A fault injection attack performed on a fast feature rich System-on-Chip (SoC) will be demonstrated live on stage.


Niek is a Security Analyst at Riscure where he analyzes and tests, among other things, the security of System-on-Chips (SoCs) and Embedded Systems. He shared the results of his fault injection research at FDTC, Black Hat Europe, HITB, and in PoC||GTFO.

Twitter handle : @tieknimmers

Cristofaro is a freelance Embedded Security Consultant, mostly focusing on IoT and TEEs, with wide experience in HW and SW security of embedded products. He provides his expertise during design, implementation and security testing, with the goal of helping securing the "Iot revolution" we have around. Research on Mobile security, Embedded exploitation, and White-Box Cryptography has been presented at renowned international conferences.

Twitter handle : @pulsoid