Electromagnetic Fault Injection (EMFI)

Rent, buy or lease electromagnetic fault injection (EMFI) test equipment for IC susceptibility and security testing.

EMFI tests use an intense, localized EM pulse to induce a temporary malfunction, or "glitch," in an IC's operation. An attacker can exploit these glitches to bypass security mechanisms or extract secret information. 
  • Attack techniques:
    • Secure boot bypass: An EM pulse is timed to disrupt memory transfers or code-signing verification during startup, forcing the system to boot with unauthorized firmware.
    • Instruction skip: An attacker can disrupt the processor's program flow to skip critical security-related instructions, such as checks for authentication or cryptographic operations.
    • Data corruption: Injecting a fault can corrupt data in memory or registers, potentially allowing an attacker to manipulate system behavior.
    • JTAG protection bypass: For devices with debug interfaces like JTAG, an EM pulse can be used to temporarily disable security protections that prevent access.
  • Methodology:
    • An EMFI test setup includes a specialized tool (like a ChipSHOUTER) to generate a high-current, transient pulse, which is sent through a coil near the target IC.
    • Test operators use precise positioning systems and timing triggers to control the exact location and moment the EM pulse is delivered.
    • By carefully varying the pulse's intensity, duration, and timing, they can induce specific, desired faults. 

Electromagnetic Fault Injection (EMFI) Test Equipment

  • Langer ICI-DP Double Pulse Magnetic Field Attack Generator

    Langer ICI-DP Double Pulse Magnetic Field Attack Generator

    SKU: 18864

    • Ideal for pre-certification IC evaluation to Common Criteria (CC) FIPS140-3
    • ISO21434 for automotive
    • OSCCA
    • IEC62443 and more
    • First and still only double pulse magnetic injection system on the market
    • Short learning curve
    • fast setup
    • easy to use software
    • online videos and customer support available
    • Fully integrated positing systems and IC scanners available
    • Check the compliance level of your chips (Common Criteria
    • FIPS
    • ISO/IEC
    • SESIP..)
    Inquire for Lead Time
    VIEW PRODUCT Cart