Toggle light / dark theme

Critical “Starbleed” vulnerability in FPGA chips identified

Posted in computing, encryption, mobile phones, security

April 2020


Field programmable gate arrays, FPGAs for short, are flexibly programmable computer chips that are considered very secure components in many applications. In a joint research project, scientists from the Horst Görtz Institute for IT Security at Ruhr-Universität Bochum and from Max Planck Institute for Security and Privacy have now discovered that a critical vulnerability is hidden in these chips. They called the security bug “Starbleed.” Attackers can gain complete control over the chips and their functionalities via the vulnerability. Since the bug is integrated into the hardware, the security risk can only be removed by replacing the chips. The manufacturer of the FPGAs has been informed by the researchers and has already reacted.

The researchers will present the results of their work at the 29th Usenix Security Symposium to be held in August 2020 in Boston, Massachusetts, U.S… The has been available for download on the Usenix website since April 15, 2020.

Focus on the bitstream

FPGA chips can be found in many safety-critical applications today, from cloud data centers and mobile phone base stations to encrypted USB-sticks and industrial control systems. Their decisive advantage lies in their reprogrammability compared to conventional hardware chips with their fixed functionalities.

Leave a Reply