FaultHunter: Automatically Detecting Vulnerabilities in C against Fault Injection Attacks

Fault injection attacks can completely bypass typical code defenses on embedded systems and lead to severe consequences, such as leaking encryption keys and bypassing secure boot. However, programmers lack awareness of fault injection attacks and there are limited tools to automatically detect these vulnerabilities. In this paper, we conduct an empirical evaluation over 15 C files (5,005 lines of code) selected from GitHub projects designed for embedded systems. We find that 3.72% of lines (i.e., 186 lines) are vulnerable under fault injection attacks. Moreover, we develop a new tool, named FaultHunter, which can automatically detect fault injection vulnerabilities in C code. Our detection method consists of two key building blocks, including parse tree generation and token search. Our experimental results show that FaultHunter can achieve a detection performance with 90.3% recall and 56.4% precision.