This talk will introduce attendees to fault-injection, a local attack category which is often used as the first step in the attack chain for embedded systems, and in some cases can also lead to remote attacks. It will cover the techniques which attackers use to generate security violations such as bypassing read protection, secure boot, or debug protection in embedded systems, even when the code is completely free of bugs. You will learn about the attacker motivations, tools and techniques, as well as the methods used to harden devices against these attacks, and how increased public awareness, certification, and regulation is changing the landscape. You will see how the cost of the equipment needed is often very low, and learn how you can begin your “glitching” journey for under £20.
We will look at the fault-injection mitigations added in the Raspberry Pi Pico 2, and consider their efficacy - there is currently a $20,000 bug bounty available for breaking these protections leading to recovery of a secret stored in the One-Time-Programmable flash memory.
We shall also touch upon side-channel analysis, which can recover cryptographic keys in use through measurement and analysis of tiny power fluctuations, or even by using a coil to pick up electro-magnetic emanations.

Keywords/phrases:
- Embedded Systems
- Microcontrollers
- Hardware Attacks
- Fault-Injection
- Voltage Fault Injection (VFI)
- Electro-Magnetic Faul Injection (EMFI)
- Clock Fault Injection (CFI)
- Risk Assessment
- Threat Modelling
- Automotive
- Industrial Control Systems
- IoT
- Mitigation Strategies
- Raspberry Pi Pico 2
- Side-Channel Analysis