Automating Fault Injection: Using Deep Learning to Find Your Next Glitch

TLDR: Researchers have developed a method to automate the identification of vulnerable timing windows for fault injection attacks using Layer-wise Relevance Propagation (LRP). By training a neural network on power consumption traces, they can pinpoint the exact moment to trigger a fault, significantly reducing the time required for black-box hardware exploitation. This research provides a practical framework for pentesters to move beyond manual, time-consuming brute-force methods when targeting secure microcontrollers.

Hardware security testing often feels like a game of patience. When you are staring at a black-box device, trying to find the exact microsecond to glitch a secure boot process or bypass pin verification, you are usually stuck in a cycle of manual, tedious brute-forcing. You tweak pulse width, voltage, and timing, hoping for a crash that leaks a secret. This research presented at Black Hat 2025 changes the game by applying deep learning attribution methods to automate the discovery of these critical injection windows.

The Problem with Manual Glitching

Fault injection attacks, such as those targeting AES-128 implementations or secure boot sequences, rely on perturbing a chip during sensitive operations. If you do not know the internal architecture or the exact timing of the target operation, you are essentially shooting in the dark. You might spend weeks scanning the surface of a decapped chip with a laser or electromagnetic probe, hoping to find a spot that yields a useful fault.

The researchers at Ledger focused on this inefficiency. They realized that if you can capture power consumption traces of a device performing a task, you have a wealth of data that reveals the chip's internal state. The challenge is that this data is noisy and high-dimensional. Standard statistical tools like Signal-to-Noise Ratio (SNR) or T-tests are useful for side-channel analysis, but they often struggle to provide the granular, actionable timing information needed for precise fault injection, especially when the target device employs countermeasures like masking or desynchronization.

Applying LRP to Hardware Traces

Instead of relying solely on statistical analysis, the team used deep learning to classify power traces. They trained a neural network to distinguish between "protected" and "unprotected" states of a memory access operation. Once the model is trained, it can classify new traces with high accuracy. However, the real breakthrough is using Layer-wise Relevance Propagation (LRP) to interpret the model's decisions.

LRP allows you to trace the model's prediction back to the input features. In this context, it highlights the specific points in the power trace that contributed most to the model's classification. If the model identifies a trace as "unprotected," the LRP heatmap points directly to the timing window where the vulnerability exists. This turns a weeks-long manual search into a data-processing task that can be completed in minutes.

The researchers released their tool, Scadl, which implements these techniques. It allows you to load your power traces, train a model using TensorFlow, and generate the heatmaps necessary to identify your injection window.

Practical Exploitation on the DS28C36

To prove the concept, the team targeted the Analog Devices DS28C36, a secure authenticator chip often found in hardware wallets. They decapped the chip and used an infrared-pulsed laser to perform fault injection. By applying their LRP-based methodology, they were able to identify the exact timing of memory access operations.

When they fixed the laser on the identified vulnerable spot and triggered the fault at the precise timing window suggested by the LRP analysis, they achieved a success rate close to 99 percent for their double-fault injection. This is a massive leap over traditional methods where success rates are often low and highly dependent on luck. For a pentester, this means you can move from "maybe I'll get a hit today" to a reliable, repeatable exploit chain.

Defensive Implications

If you are working on the defensive side, this research highlights why simple countermeasures are no longer enough. If your device relies on basic timing jitter or simple masking to prevent fault injection, it is likely vulnerable to this type of automated analysis.

Defenders must assume that an attacker with enough time and the right equipment can map out these timing windows. The only way to mitigate this is to combine multiple, layered defenses. This includes using hardware that is specifically hardened against physical attacks, implementing robust power-blinding techniques, and ensuring that sensitive operations are not just protected by a single check, but by multiple, independent verification steps that are difficult to bypass simultaneously.

What Comes Next

This research is a clear signal that the barrier to entry for advanced hardware attacks is dropping. As machine learning tools become more accessible, the "black-box" nature of secure hardware will provide less protection than it once did.

For those of us in the field, the next step is to look at how these attribution methods can be applied to other targets. If you are currently working on a hardware assessment, stop relying on manual brute-force. Start collecting your power traces, build your datasets, and see what the model can tell you about the device's internal timing. The data is already there, waiting for you to interpret it.