
Defeating Modern Secure Boot Using Second-Order Pulsed EM Fault Injection [pdf] - godelmachine
https://www.usenix.org/system/files/conference/woot17/woot17-paper-cui.pdf
======
bcaa7f3a8bbc
Traditionally, bypassing security protection and extracting secrets from
physical devices requires decapsulation of the chip package, and using UV
rays, laser beams, ion beams, microprobes, and electron microscopes to
interfere with and modify the circuitry. This requires a high budget of
~10,000+ dollars, and is usually prohibitively expensive enough to stop most
attackers.

The improvement of practical side-channel attacks and non-invasive fault-
injection attacks is really disturbing. In the end, there is nothing to keep
my private key from being extracted out of the smartcard...

~~~
baybal2
Credit card decapping doesn't seem to be ceasing due to that

------
userbinator
Power glitching has been known for a long time to defeat microcontroller copy
protection, and so has the use of EMP; but the trick is to not induce latchup,
which will cause permanent physical damage.

~~~
bcaa7f3a8bbc
Another common trick is clock glitching.

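The power, clock and EM glitches discussed in these two comments all come down to corrupting a stored decision in the boot code for a moment. The following C is an added example (not from the paper or from anyone in this thread) of the defensive side: a naive boot verdict next to a glitch-hardened one, with a single-bit fault model to show why the encoded form resists a one-bit flip. The digests, the `EXPECTED` value and the `BOOT_*` encodings are constructed stand-ins for a real signature check.

```c
#include <stdint.h>
#include <string.h>

#define BOOT_OK    0x3CA5A53Cu  /* encoded "accept": far in Hamming distance from BOOT_BAD */
#define BOOT_BAD   0xC35A5AC3u  /* encoded "reject" */
#define BOOT_FAULT 0xDEADDEADu  /* neither valid encoding: a fault was detected */

/* Constructed sample digests (stand-ins for a real signature verification). */
const uint8_t EXPECTED[8]    = {0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88};
const uint8_t SAMPLE_GOOD[8] = {0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88};
const uint8_t SAMPLE_BAD[8]  = {0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x00};

/* Naive check: a plain int where 0 = reject, so any nonzero value boots. */
int verify_naive(const uint8_t digest[8]) {
    return memcmp(digest, EXPECTED, 8) == 0;
}

/* Branch-free compare: accumulates every differing bit instead of exiting early. */
static uint32_t diff_bits(const uint8_t a[8], const uint8_t b[8]) {
    uint32_t acc = 0;
    for (int i = 0; i < 8; i++) acc |= (uint32_t)(a[i] ^ b[i]);
    return acc;
}

/* Hardened check: two independent compares must agree, and the result is an
 * encoded constant; anything else means a compare or a stored state was hit. */
uint32_t verify_hardened(const uint8_t digest[8]) {
    uint32_t r1 = (diff_bits(digest, EXPECTED) == 0) ? BOOT_OK : BOOT_BAD;
    uint32_t r2 = (diff_bits(EXPECTED, digest) == 0) ? BOOT_OK : BOOT_BAD;
    if (r1 != r2) return BOOT_FAULT;
    if (r1 != BOOT_OK && r1 != BOOT_BAD) return BOOT_FAULT;
    return r1;
}

/* Only the exact BOOT_OK encoding may boot; BOOT_BAD and BOOT_FAULT both halt. */
int allowed_to_boot(uint32_t verdict) { return verdict == BOOT_OK; }

/* Single-bit fault model over a stored verdict: does any one flipped bit turn
 * a rejection into a boot?  Returns 1 if so. */
int naive_boots_after_one_flip(int verdict) {
    for (unsigned b = 0; b < 32; b++)
        if (((uint32_t)verdict ^ (1u << b)) != 0) return 1;  /* nonzero boots */
    return 0;
}
int hardened_boots_after_one_flip(uint32_t verdict) {
    for (unsigned b = 0; b < 32; b++)
        if (allowed_to_boot(verdict ^ (1u << b))) return 1;
    return 0;
}
```

A real implementation would also randomize timing between the two compares and re-check the verdict immediately before the jump into the image, since a pulse can be timed at either point.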
------
phendrenad2
Seems similar to how the Xbox 360 was eventually hacked, but using
electromagnetic pulses rather than invasive contact wires.

~~~
godelmachine
Would you kindly provide a link to the research or some reference? I really
would love to read up on that.

~~~
voltagex_
Google "Reset Glitch Hack" or "JTAG hack".

~~~
godelmachine
phendrenad2 above had provided this link -
[https://www.theregister.co.uk/2011/09/01/xbox_reset_glitch_h...](https://www.theregister.co.uk/2011/09/01/xbox_reset_glitch_hack/)

Wonder why he removed it.

