FPGA Chip Vulnerability Affecting Cloud Services and IoT

Researchers from the Karlsruhe Institute of Technology (KIT) discovered a vulnerability in field-programmable gate arrays (FPGAs) impacting the security of cloud services and Internet-of-Things (IoT) applications. FPGAs are programmable computer chips that can assume every function of another computer chip. Their fields of application include smartphones, networks, the Internet, medical engineering, vehicle electronics, and aerospace. They are known to be secure and ideal for cloud service provider server farms due to their low current consumption. However, the concurrent use of the FPGA chip allows threat actors to conduct side-channel attacks and use the energy consumption of the chip to access data, allowing them to break encryption or crash the chip altogether, resulting in data loss. Similar issues may exist for other computer chips. At the time of this writing, restricting immediate access to the FPGAs can help minimize the risk of attack, though this can be challenging. The NJCCIC recommends patching systems as updates become available. More technical details on the impact of this vulnerability can be found in the Technology Network article and the IACR research paper.

AdvisoryNJCCICcloud, IoT