The Security Protocol and Data Model (SPDM) establishes device-level trust in hardware platforms through authentication, attestation, and secure session establishment. While prior research has focused on formal analyses and deployment considerations, the impact of implementation-level vulnerabilities, particularly under active physical adversaries, remains largely underexplored. This work presents FaultSpy, the first systematic framework for evaluating SPDM against Fault Injection Attacks (FIAs) and their combination with other prominent attack vectors, such as Man-In-The-Middle (MITM) attacks. Leveraging the fault injection simulation tool, FaultFinder, with our custom SPDM-specific hooks, we uncover nine concrete vulnerabilities spanning both threat models. These include bypassing mutual authentication, suppressing signature generation and verification, downgrading negotiated capabilities, skipping mandatory protocol steps, manipulating key update behavior, transmitting messages intended to be encrypted in plaintext, and extracting session keys. We further validate the feasibility of these attacks through practical voltage glitching experiments on an RP2350 microcontroller. Our findings demonstrate that FIAs, whether in isolation or combined with other attacks, significantly expand the SPDM attack surface, highlighting the need for robust implementation-level countermeasures.
Sun et al. (Fri,) studied this question.