Vulnerability discovered in FPGAs: New threat to 5G and cars!

Researchers at Ruhr University Bochum discover security gaps in FPGAs and offer a solution to combat side channel attacks.

Researchers at the Ruhr University Bochum and the Worcester Polytechnic Institute have discovered a serious security gap in field programmable gate arrays (FPGAs) that could have far-reaching consequences for IT security. These chips are used in critical areas such as 5G networks, the automotive industry and cryptographic encryption. The results of their study were published on arXiv.org on September 30, 2025 and illustrate how complex hardware attacks can be designed.

The new findings show that FPGAs, which are used in many safety-critical applications, are vulnerable to so-called side-channel attacks. These attacks are based on evaluating physical information, such as power consumption and runtime, generated during the processing of cryptographic operations. According to Scisimple, these side-channel attacks pose a serious threat because they do not exploit weaknesses in the algorithms, but rather focus on physical characteristics. Attackers can obtain secret information such as cryptographic keys by measuring power consumption.

The technology behind the discovery

The researchers have developed a method called “Chynopsis” that makes it possible to put FPGAs into a controlled sleep state without the devices’ alarm system responding. Modern FPGAs are equipped with clock and voltage sensors, but these often do not react quickly enough to voltage drops that can occur during an attack. In the case of targeted rapid undervolting, the clock logic can be stopped but the stored values can be retained, allowing attackers to examine the hardware.

In their practical demonstrations on the OpenTitan FPGA, the researchers bypassed the alarm mechanisms, which underlines the danger of this security vulnerability. The study shows that special measurement methods can be used to extract secret data. The vulnerability was reported to the manufacturers AMD (formerly Xilinx) and Microchip as part of a responsible disclosure procedure, and a related suggestion to fix the issue has also been provided.

Countermeasures and current developments

Research is exploring various techniques to reduce the vulnerability of FPGAs to side-channel attacks. One promising method is dynamic voltage and frequency scaling (DVFS), which adjusts voltage and frequency in real time to increase security. The analyses show that often only small adjustments to the clock frequency are enough to make attacks more difficult. A 32-bit RISC-V system running an unprotected software version of the AES-128 standard was used as a test bed to evaluate the effectiveness of these techniques.
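The effect of small clock-frequency changes can be illustrated with a simplified leakage assessment; this is an added example, not code from the study or the sources cited here. It assumes a Hamming-weight power model with Gaussian noise, and it models frequency scaling as a random per-run shift of the sample at which the key-dependent operation appears. The key byte, trace length, shift range and all other parameters are constructed values.

```python
import math
import random

def hamming_weight(x):
    return bin(x).count("1")

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var_x = sum((x - mx) ** 2 for x in xs)
    var_y = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(var_x * var_y)

def simulate(n_traces, max_shift, key=0x2B, length=40, leak_at=20, seed=1):
    """Build constructed power traces for a known test key byte.

    Each trace is unit Gaussian noise plus one leaking sample whose height is
    the Hamming weight of (random input byte XOR key). max_shift is the
    assumed stand-in for DVFS: the leaking sample moves by a random offset
    of up to max_shift samples in every run.
    """
    rng = random.Random(seed)
    model, traces = [], []
    for _ in range(n_traces):
        leak = hamming_weight(rng.randrange(256) ^ key)
        trace = [rng.gauss(0.0, 1.0) for _ in range(length)]
        trace[leak_at + rng.randint(-max_shift, max_shift)] += leak
        model.append(leak)
        traces.append(trace)
    return model, traces

def peak_correlation(model, traces):
    """Highest |correlation| between the leakage model and any sample index."""
    return max(abs(pearson(model, column)) for column in zip(*traces))

if __name__ == "__main__":
    for label, shift in (("fixed clock", 0), ("scaled clock", 5)):
        model, traces = simulate(2000, shift)
        print(f"{label}: peak |r| = {peak_correlation(model, traces):.2f}")
```

A lower peak correlation means more traces are needed before the leakage stands out from noise, which is the sense in which the shifted case is harder to analyze.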

According to Nature, when evaluating the method for detecting Simple Power Side Channel Attacks (SPA) with the VCU108 FPGA board, a design was also implemented that is protected against such attacks. These developments help ensure that FPGAs can be used more safely even in resource-limited environments.

Research into side-channel attacks and their mitigation is crucial to the development of more robust cryptographic systems. It is believed that further studies are needed to optimize approaches to such attacks and to ensure that security measures are able to cope with modern threats. The findings of the Bochum research group show how important it is to identify security gaps in a timely manner and to implement suitable countermeasures.