Valentin Huber and Marc Schink, Fraunhofer Institute for Applied and Integrated Security (AISEC)
Ferroelectric random access memory (FRAM) corruption has primarily been investigated in the context of safety for space applications and the associated radiation. In this work, we present the first in-depth analysis of the effects of fault injection on FRAM technology from a security perspective. This includes the identification of potentially vulnerable signals in the control circuit. Based on a theoretical consideration of possible weak points, we carry out practical attacks on external memory devices from different manufacturers. After a detailed analysis, we demonstrate the feasibility of this attack on an FRAM-based microcontroller, namely the MSP430FR. We show how the write-back operation, an FRAM intrinsic operation, can be exploited to reactivate the debug interface of the microcontroller. The attack can be carried out in less than a minute and with modest equipment costs, highlighting its practicability. Based on our analysis, we conclude with different mitigations that manufacturers can implement to enhance security.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Valentin Huber and Marc Schink},
title = {Be Write Back: An in-depth Study of Fault Injection Effects on {FRAM} Technology},
booktitle = {19th USENIX WOOT Conference on Offensive Technologies (WOOT 25)},
year = {2025},
isbn = {978-1-939133-50-2},
address = {Seattle, WA},
pages = {159--177},
url = {https://www.usenix.org/conference/woot25/presentation/huber},
publisher = {USENIX Association},
month = aug
}
