Clément Gaine, D. Aboulkassimi, S. Pontié, J. Nikolovski, J. Dutertre
Title: Electromagnetic Fault Injection as a New Forensic Approach for SoCs
Published in: 2020 IEEE International Workshop on Information Forensics and Security (WIFS), 2020-12-06
DOI: https://doi.org/10.1109/WIFS49906.2020.9360902
Citations: 16
Abstract
Smartphones have a complex hardware and software architecture. Having access to their full memory space can help solve judicial investigations. We propose a new privilege escalation technique in order to access hidden contents and execute sensitive operations. While classical forensic tools mostly exploit software vulnerabilities, our approach is based on a hardware security evaluation technique. Electromagnetic fault injection is such a technique, usually used for microcontroller or FPGA security characterization. A security function running at 1.2 GHz on a 64-bit SoC with a Linux-based OS was successfully attacked. The Linux authentication module uses this function to verify password correctness by comparing two hash values. Hence, this work constitutes a step towards smartphone privilege escalation through electromagnetic fault injection. This approach is interesting for addressing forensic issues on smartphones.