London: A team of German researchers has discovered a critical vulnerability in FPGA chips, which are part of cloud data centers, base stations for cell phones, encrypted USBs, and industrial control systems. The flaw can help hackers gain complete control over the chips and steal key data from government authorities and businesses.
Field programmable gate arrays, or FPGAs for short, are flexibly programmable computer chips that are considered very secure components in many applications.
In a joint research project, scientists from the Horst Görtz Institute for IT Security at the Ruhr University in Bochum and the Max Planck Institute for Security and Data Protection in Germany discovered that a critical security hole was hidden in these chips.
They called the security bug “Starbleed”. Since the flaw is built into the hardware, the security risk can only be eliminated by replacing the chips. The researchers informed the manufacturer of the FPGAs.
With these programmable chips, a user can write software that is loaded onto a chip and performs functions.
The advantage of FPGA chips is their reprogrammability compared to conventional hardware chips with their fixed functions.
This reprogrammability is possible because the basic components of FPGAs and their connections can be freely programmed.
In contrast, conventional computer chips are hard-wired and therefore dedicated to a single purpose.
The linchpin of FPGAs is the ‘bitstream’, a file that is used to program the FPGA.
To adequately protect it from attacks, the bitstream is secured by encryption methods.
Dr. Amir Moradi and Maik Ender, in collaboration with Professor Christof Paar, were able to decrypt this protected bitstream, gain access to the file content and change it.
To overcome the encryption, the research team used the central feature of the FPGAs: the possibility of reprogramming. The scientists were able to manipulate the encrypted bitstream during the configuration process.
As part of their research, the scientists analyzed FPGAs from Xilinx, one of the two market leaders for field-programmable gate arrays.
The “Starbleed” vulnerability affects the 7-series FPGAs from Xilinx with the four FPGA families Spartan, Artix, Kintex and Virtex, as well as the previous version Virtex-6, which together form a large part of the Xilinx FPGAs used today.
“We notified Xilinx of the vulnerability and then worked closely together during the vulnerability disclosure process. In addition, the vulnerability is highly unlikely to occur in the manufacturer’s latest series,” said Moradi.
“If an attacker gains access to the bitstream, they also have full control over the FPGA. Intellectual properties contained in the bitstream can be stolen. It is also possible to insert hardware trojans into the FPGA by manipulating the bitstream,” warned Paar.
Since the security hole is in the hardware itself, it can only be closed by replacing the chip.
“Although detailed knowledge is required, an attack may be carried out remotely. The attacker does not even have to have physical access to the FPGA,” added Paar.
The security researchers will present the results at the 29th USENIX Security Symposium, scheduled for August in Boston, Massachusetts.