Fault Injection
What is Fault Injection?
Fault InjectionA class of physical or logical attacks that deliberately induce abnormal conditions in hardware or software to bypass security checks or leak secrets.
Fault injection deliberately disturbs the normal operation of a system — through voltage glitches, electromagnetic pulses, laser beams on a chip, clock manipulation, or malformed software inputs — to cause incorrect behaviour the attacker can exploit. Typical goals include skipping authentication checks, corrupting cryptographic computations to leak keys (differential fault analysis), or escaping secure boot. Both embedded devices (smart cards, TPMs, automotive ECUs) and high-value software are targets. Countermeasures include redundant computations, fault-detection sensors, randomised execution, error-correcting memory, secure-element shielding, and defensive programming that double-checks security decisions.
● Examples
- 01
Voltage glitching a smart card to skip a PIN verification branch.
- 02
Differential fault analysis on AES to recover a key from a corrupted ciphertext.
● Frequently asked questions
What is Fault Injection?
A class of physical or logical attacks that deliberately induce abnormal conditions in hardware or software to bypass security checks or leak secrets. It belongs to the Vulnerabilities category of cybersecurity.
What does Fault Injection mean?
A class of physical or logical attacks that deliberately induce abnormal conditions in hardware or software to bypass security checks or leak secrets.
How do you defend against Fault Injection?
Defences for Fault Injection typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Fault Injection?
Common alternative names include: Glitching attack, Fault attack.