Security News > 2020 > April > Starbleed: Flaw in FPGA Chips Exposes Safety-Critical Devices to Attacks
A potentially serious vulnerability discovered by researchers in Field Programmable Gate Array chips can expose many mission- and safety-critical devices to attacks.
A team of researchers from Germany's Horst Görtz Institute for IT Security at Ruhr-Universität Bochum and the Max Planck Institute for Security and Privacy discovered that FPGA chips are affected by a critical vulnerability - they have named it Starbleed - that can be exploited to take complete control of the chips.
In order to exploit the weakness, an attacker would need to have access to the targeted device's JTAG or SelectMAP interfaces, but the researchers warned that remote attacks may also be possible.
The attack results in full decryption against 7-series Xilinx devices and partial decryption against Virtex-6 devices.
Xilinx noted in its advisory that "The complexity of this attack is similar to well known, and proven, DPA attacks against these devices and therefore do not weaken their security posture."
News URL
Related news
- Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now (source)
- CISA warns critical SolarWinds RCE bug is exploited in attacks (source)
- CISA Warns of Critical Jenkins Vulnerability Exploited in Ransomware Attacks (source)
- Critical Flaws in Traccar GPS System Expose Users to Remote Attacks (source)
- Ransomware attacks escalate as critical sectors struggle to keep up (source)
- Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks (source)
- Russian military hackers linked to critical infrastructure attacks (source)
- Critical SonicWall SSLVPN bug exploited in ransomware attacks (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- Ivanti warns of another critical CSA flaw exploited in attacks (source)