On-Demand Webinar: Future of Fault Injection - Expanding the Keysight Device Security Toolset
On Wednesday, December 10th, 2025 we hosted a webinar on the new PXI modules for the Keysight Embedded Device Security Testbench.
Fill out the form and start watching the recording now.
About The webinar
Modern embedded devices are becoming faster, smaller, and more complex. At the same time, attack techniques are evolving just as quickly, making effective security testing increasingly challenging.
In this webinar, we explore how fault injection is evolving, both from a tooling and methodology perspective, and through a real, hands-on attack against a modern IoT device.
The session is structured in three parts:
Part 1: Product Manager Erwin in ’t Veld introduces the Future of Fault Injection, presenting the latest advancements in Keysight’s Embedded Security Testbench and how they address modern fault injection challenges.
Part 2: External expert partner Niek Timmers presents an in-depth research case study, demonstrating how a PXI testbench and electromagnetic fault injection can be used to compromise a real-world device.
Part 3: A live Q&A session where experts answer attendee questions covering practical testing considerations, equipment requirements, and real-world attack behavior.
Part 1: Erwin, Product Manager [04:40 – 26:00]
At the beginning of 2025, the Keysight Device Security team introduced the Next-Generation PXI-based Embedded Security Testbench. This modular and scalable platform is designed to meet the increasing speed, complexity, and customization requirements of modern embedded devices.
The PXI architecture enables high-performance security testing while remaining flexible, allowing seamless integration of Keysight and third-party modules. This makes it possible to build complete side-channel analysis and fault injection setups that can evolve alongside attacker capabilities.
A key new addition to the Testbench is the PXI Glitch Pattern Generator, designed for advanced fault injection testing. The module provides precise control over glitch timing, strength, and sequencing across voltage, electromagnetic, and laser-based attacks. Compared to the previous generation, it delivers up to 10× higher performance, improved timing resolution, higher sampling rates, more channels, and increased output power.
The module integrates into existing workflows of Inspector Software through both a graphical user interface and Python API, supporting ease of use as well as advanced automation.
This section covers:
- Why modern embedded devices are harder to test than ever before
- How PXI-based architectures enable scalable and modular security testing
- The role of the new glitch pattern generator in improving precision, speed, and reproducibility
- Key performance improvements compared to previous generations
- How fault injection and side-channel analysis can be combined within a single platform
- Built-in automation, usability improvements, and support for GUI- and script-based workflows
- This part is ideal for security evaluators, product vendors, and lab managers looking to future-proof their test setups.
Part 2: Niek Timmers, External Partner [26:00 – 41:00]
In the second part of the webinar, Niek Timmers presents a real-world fault injection case study targeting a modern Android-based device, the Google TV Streamer powered by a MediaTek system-on-chip. Using electromagnetic fault injection, he demonstrates how carefully timed hardware disturbances can corrupt CPU instruction execution and bypass kernel-level security checks.
This section walks through:
- Target selection and hardware reconnaissance
- Understanding the security architecture of a modern SoC
- Using electromagnetic glitching to disturb CPU instruction execution
- How instruction corruption can break software-based security assumptions
- Bypassing Linux kernel checks to obtain root access at runtime
- Lessons learned from attacking a real, commercially deployed device
Part 3: Q&A [47:00 – 60:00]
1. What hardware do I need to start with EM fault injection?
EMFI probe, glitch pattern generator, and target communication interface (USB/I²C/SPI). A PXI testbench with embedded controller covers the essentials.
2. Will EM fault injection damage my device?
Rarely. EM glitching typically causes memory overwrites rather than permanent chip damage,much safer than laser injection.
3. Which fault injection technique works best?
Depends on your target. EM requires minimal device modification but isn't always effective. Having multiple techniques available is essential.
4. Can these tools extract AI models?
Yes. Side-channel analysis and fault injection have successfully extracted AI model parameters in published research.
Full Q&A Available Want access to all audience questions and detailed expert answers? Subscribe below.
Key Takeaways
Embedded security testing must go beyond theory, incorporating real hardware attacks using professional-grade tools. This webinar provides both a platform-level overview and a concrete example of fault injection in practice.
For Security Engineers & Researchers:
- Next-generation PXI platforms deliver 10x performance improvements, enabling comprehensive testing (15-20 billion traces per day) without sacrificing time-to-market
- Real-world demonstration proves that modern high-speed processors (1.8GHz+) remain vulnerable to electromagnetic fault injection
- Advanced test equipment makes sophisticated attacks more accessible and repeatable, revealing vulnerabilities that software analysis alone cannot detect
For Product & Business Leaders:
- As embedded devices become faster and more complex, attackers are evolving—your test equipment must outperform both
- Software security models can fail completely when hardware is manipulated; defense-in-depth strategies are essential
- Physical security testing is no longer optional for devices handling sensitive data or requiring certification compliance
Watch the Full Webinar
Duration: Approximately 50 minutes