AutoPulse – Reproducible Discovery of Electromagnetic Fault Injection Vulnerabilities

Electromagnetic Fault Injection (EMFI) has become an established technique for fault injection in embedded systems. EMFI has several advantages compared to other fault injection techniques and its effectiveness has been proven in practice. Currently, the application of non-trivial EMFI experiments is limited by the high cost of advanced lab equipment and therefore unavailable for broader security research. We propose AutoPulse, a cost-effective and complete EMFI research platform based on commercial 3D printer hardware and publish the project documentation and software as open source. We show that our platform significantly reduces the cost of EMFI in practice and conduct a comprehensive literature survey to conclude that our platform specifications are sufficient to attack even modern SoCs with high clock rates. We evaluate AutoPulse by characteriizing the ESP32 micro controller and reproducing an EMFI attack on the execution pipeline. Our key observations imply that the publication of faults and attacks requires careful assessment of the parameter space and the commonly published fault maps strongly depend on process parameters that should be specified.