Sign In

Communications of the ACM

ACM TechNews

Critical 'Starbleed' Vulnerability in FPGA Chips Identified


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Field Programmable Gate Arrays can be flexibly programmed.

Scientists at Ruhr-Universitat Bochum's Horst Gortz Institute for Information Technology Security and the Max Planck Institute for Security and Privacy in Germany have identified a vulnerability in field-programmable gate array (FPGA) chips.

Credit: HGI, RUB

Scientists at Ruhr-Universitat Bochum's Horst Gortz Institute for Information Technology Security and the Max Planck Institute for Security and Privacy in Germany have discovered a vulnerability in field-programmable gate array (FPGA) chips.

The "Starbleed" bug allows hackers to completely commandeer the chips and their functionalities; replacing the chips is the only remedy, because the vulnerability becomes integrated with the hardware.

The researchers analyzed FPGAs from Xilinx, one of the two leading FPGA manufacturers. They exploited an update and fallback feature in the FPGAs to successfully decrypt the encrypted bitstream file used to program the chips, and to access and modify file content.

The Max Planck Institute's Christof Paar said, "Although detailed knowledge is required, an attack can eventually be carried out remotely, [and] the attacker does not even have to have physical access to the FPGA."

From Ruhr-University Bochum (Germany)
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found