Implementing Practical Electrical Glitching Attacks

Presented at Black Hat Europe 2015

Techniques for glitching attacks are well known, but there is little information on how to implement a full, reliable exploit against a target. In this talk we implement and execute voltage and clock glitching attacks against a group of target devices, and detail the conditions necessary to build an affordable and reliable exploit for a target device.

Other hardware attacks typically involve decapping the target chip and using expensive equipment that is out of reach of the normal hobbyist. Electrical glitching, by contrast, is non-invasive: it can allow an attacker to bypass normal software protections or to create exploitable conditions inside the target device. Electrical glitching means manipulating the clock or the supply voltage of a chip. Clock glitching inserts an out-of-cycle clock edge so that the chip advances to its next state before the current one has settled, allowing entire instructions to be skipped. Voltage glitching raises or lowers the supply voltage to change the propagation delay of the chip's transistors, so that logic fails to settle before the next clock edge and register contents are corrupted.

The talk also studies and reproduces results from well-known cases of electrical glitching, such as the Xbox 360 clock glitch exploit.
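The instruction-skip effect described above is the reason a single compare-and-branch is not a safe security check. As an added illustration (not part of the talk or of NCC Group's material), the following C program models a clock glitch as "one skipped instruction at index k" against a four-byte password check written as bytecode for a tiny VM. The VM, its opcodes, the two check programs, the secret and the passwords are all constructed for this example; it does not model any specific target from the talk.

```c
/* Added example: toy instruction-skip fault model for a password check.
 * A glitch is modelled as exactly one skipped instruction at index k.
 * We count how many k let a wrong password through for a naive check
 * (single flag, single branch) and for a hardened double-pass check.
 * Everything here (VM, opcodes, programs, secret) is constructed. */
#include <stdio.h>

enum { OP_MOVI, OP_CMP, OP_AND, OP_ADDI, OP_CMPI, OP_JZ, OP_GRANT, OP_DENY };

typedef struct { int op, a, b; } insn_t;

#define NREG  4
#define PWLEN 4
#define LEN(p) ((int)(sizeof(p) / sizeof((p)[0])))

/* Constructed secret and inputs; byte 2 of BAD_PW is wrong. */
static const unsigned char SECRET[PWLEN]  = { 0x12, 0x34, 0x56, 0x78 };
static const unsigned char GOOD_PW[PWLEN] = { 0x12, 0x34, 0x56, 0x78 };
static const unsigned char BAD_PW[PWLEN]  = { 0x12, 0x34, 0x00, 0x78 };

/* Run prog; if skip >= 0, the instruction at that index is skipped once
 * (the core advances past it, as a clock glitch would make it do).
 * Returns 1 on GRANT, 0 on DENY or when execution runs off the end. */
static int run(const insn_t *prog, int len, const unsigned char *pw, int skip)
{
    int r[NREG] = { 0 };        /* r0 = compare result, r1..r3 = accumulators */
    int pc = 0, steps = 0;

    while (pc >= 0 && pc < len && steps++ < 1000) {
        const insn_t *in = &prog[pc];
        if (pc == skip) {       /* the glitch: this instruction never executes */
            pc++;
            skip = -1;
            continue;
        }
        switch (in->op) {
        case OP_MOVI:  r[in->a] = in->b;                    break;
        case OP_CMP:   r[0] = (pw[in->a] == SECRET[in->a]); break;
        case OP_AND:   r[in->a] &= r[0];                    break;
        case OP_ADDI:  r[in->a] += in->b;                   break;
        case OP_CMPI:  r[0] = (r[in->a] == in->b);          break;
        case OP_JZ:    if (r[in->a] == 0) { pc = in->b; continue; } break;
        case OP_GRANT: return 1;
        case OP_DENY:  return 0;
        }
        pc++;
    }
    return 0;                   /* ran off the end: fail closed */
}

/* Naive check: r1 starts at 1, is ANDed with every byte compare, one branch. */
static const insn_t NAIVE[] = {
    { OP_MOVI, 1, 1 },                      /* 0: r1 = 1 */
    { OP_CMP, 0, 0 }, { OP_AND, 1, 0 },     /* 1,2 */
    { OP_CMP, 1, 0 }, { OP_AND, 1, 0 },     /* 3,4 */
    { OP_CMP, 2, 0 }, { OP_AND, 1, 0 },     /* 5,6 */
    { OP_CMP, 3, 0 }, { OP_AND, 1, 0 },     /* 7,8 */
    { OP_JZ, 1, 11 },                       /* 9: if r1 == 0 goto DENY */
    { OP_GRANT, 0, 0 },                     /* 10 */
    { OP_DENY, 0, 0 },                      /* 11 */
};

/* Hardened check: deny early on every mismatch, count matches, require the
 * count to be PWLEN, then repeat the whole pass into a second register. */
#define DENY_AT 31
static const insn_t HARD[] = {
    { OP_MOVI, 1, 0 },                                                 /* 0 */
    { OP_CMP, 0, 0 }, { OP_JZ, 0, DENY_AT }, { OP_ADDI, 1, 1 },        /* 1-3 */
    { OP_CMP, 1, 0 }, { OP_JZ, 0, DENY_AT }, { OP_ADDI, 1, 1 },        /* 4-6 */
    { OP_CMP, 2, 0 }, { OP_JZ, 0, DENY_AT }, { OP_ADDI, 1, 1 },        /* 7-9 */
    { OP_CMP, 3, 0 }, { OP_JZ, 0, DENY_AT }, { OP_ADDI, 1, 1 },        /* 10-12 */
    { OP_CMPI, 1, PWLEN }, { OP_JZ, 0, DENY_AT },                      /* 13,14 */
    { OP_MOVI, 2, 0 },                                                 /* 15 */
    { OP_CMP, 0, 0 }, { OP_JZ, 0, DENY_AT }, { OP_ADDI, 2, 1 },        /* 16-18 */
    { OP_CMP, 1, 0 }, { OP_JZ, 0, DENY_AT }, { OP_ADDI, 2, 1 },        /* 19-21 */
    { OP_CMP, 2, 0 }, { OP_JZ, 0, DENY_AT }, { OP_ADDI, 2, 1 },        /* 22-24 */
    { OP_CMP, 3, 0 }, { OP_JZ, 0, DENY_AT }, { OP_ADDI, 2, 1 },        /* 25-27 */
    { OP_CMPI, 2, PWLEN }, { OP_JZ, 0, DENY_AT },                      /* 28,29 */
    { OP_GRANT, 0, 0 },                                                /* 30 */
    { OP_DENY, 0, 0 },                                                 /* 31 */
};

/* Number of single-skip positions that grant access for the given password. */
static int count_bypasses(const insn_t *prog, int len, const unsigned char *pw)
{
    int k, n = 0;
    for (k = 0; k < len; k++)
        if (run(prog, len, pw, k))
            n++;
    return n;
}

int main(void)
{
    printf("naive: good=%d bad=%d single-skip bypasses=%d\n",
           run(NAIVE, LEN(NAIVE), GOOD_PW, -1), run(NAIVE, LEN(NAIVE), BAD_PW, -1),
           count_bypasses(NAIVE, LEN(NAIVE), BAD_PW));
    printf("hard:  good=%d bad=%d single-skip bypasses=%d\n",
           run(HARD, LEN(HARD), GOOD_PW, -1), run(HARD, LEN(HARD), BAD_PW, -1),
           count_bypasses(HARD, LEN(HARD), BAD_PW));
    return 0;
}
```

With the wrong password, the naive program has three skip positions that grant access (the compare of the bad byte, the AND that follows it, and the final branch), while the double-pass program has none: any skip that lets the first pass through is caught by the unmodified second pass, and a skipped DENY runs off the end and fails closed. The model covers one skipped instruction per run only; a check like this is still defeated by two well-placed glitches, or by a voltage-induced register corruption that lands on the match counter, which is why real countermeasures also add randomized delays and complementary flag values rather than relying on repetition alone.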


Presenters:

  • Brett Giller - NCC Group
    Brett Giller is a security consultant who has been with NCC Group for over a year. Before joining NCC Group, Brett interned at a small startup handling its application security, and was an active CTF member at the Polytechnic Institute of New York University. At NCC Group he has worked on projects ranging from web application pentesting to embedded hardware security.
