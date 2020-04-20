London: A team of German researchers discovered a critical vulnerability in FPGA chips, part of cloud data centers, mobile phone base stations, encrypted USBs, and industrial control systems, which can help hackers obtain a Complete control over chips and stealing key data from governments and companies.

Field programmable gate arrays, FPGA for short, are flexibly programmable computer chips that are considered very safe components in many applications.

In a joint research project, scientists from the Horst Gortz Institute for IT Security at Ruhr-Universitat Bochum and the Max Planck Institute for Security and Privacy in Germany discovered that a critical vulnerability is hidden in these chips.

They called the security bug "Starbleed,quot;. Since the bug is built into the hardware, the security risk can only be eliminated by replacing the chips. The manufacturer of the FPGAs has been informed by the researchers.

With these programmable chips, a user can write software that is loaded onto a chip and executes functions.

The advantage of FPGA chips lies in their reprogrammability compared to conventional hardware chips with their fixed functionality.

This reprogrammability is possible because the basic components of FPGAs and their interconnects can be freely programmed.

In contrast, conventional computer chips are wired, and therefore dedicated to one purpose.

The key piece of FPGAs is the & # 39; bitstream & # 39 ;, a file that is used to program the FPGA.

To adequately protect it from attack, the bit stream is secured by encryption methods.

Dr. Amir Moradi and Maik Ender, in cooperation with Professor Christof Paar, managed to decipher this protected bitstream, gaining access to and modifying the file's content.

To overcome encryption, the research team took advantage of the core property of FPGAs: the possibility of reprogramming. The scientists were able to manipulate the encrypted bitstream during the setup process.

As part of their research, the scientists analyzed Xilinx FPGAs, one of the two market leaders in field programmable door arrays.

The vulnerability & # 39; Starbleed & # 39; It affects Xilinx Series 7 FPGAs with the four FPGA families Spartan, Artix, Kintex, and Virtex, as well as the previous Virtex-6 version, which forms a large part of the Xilinx FPGAs used today.

"We informed Xilinx of this vulnerability and then worked closely together during the vulnerability disclosure process. Also, it seems highly unlikely that this vulnerability will occur in the manufacturer's latest series," said Moradi.

"If an attacker gains access to the bitstream, he also gains complete control over the FPGA. The intellectual properties included in the bitstream can be stolen. It is also possible to insert hardware Trojans into the FPGA by manipulating the bitstream." Paar warned.

Since the security gap is in the hardware itself, it can only be closed by replacing the chip.

"Although detailed knowledge is required, an attack can eventually be carried out remotely, the attacker does not even have to have physical access to the FPGA," added Paar.

Security researchers will present the results at the 29th Usenix Security Symposium, to be held in August in Boston, Massachusetts.

