A newly discovered, unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption, clone intellectual property, change the functionality, and even implant hardware Trojans.
The details of the attacks against Xilinx 7-Series and Virtex-6 Field Programmable Gate Arrays (FPGAs) have been covered in a paper titled “The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs” by a group of academics from the Horst Goertz Institute for IT Security and Max Planck Institute for Cyber Security and Privacy.
“We exploit a design flaw which piecewise leaks the decrypted bitstream,” the researchers said. “In the attack, the FPGA is used as a decryption oracle, while only access to a configuration interface is needed. The attack does not require any sophisticated tools and, depending on the target system, can potentially be launched remotely.”
The findings will be presented at the USENIX Security Symposium later this year. The researchers said they privately disclosed the flaws to Xilinx on 24 September 2019. The semiconductor giant, in response, has posted a design advisory acknowledging the vulnerability.
“The complexity of this attack is similar to well known, and proven, DPA attacks against these devices and therefore do not weaken their security posture,” the company noted in its alert.