Field programmable gate arrays (FPGA) are electronic devices that can be configured to perform various tasks. According to web application security specialists, the large data centers that provide cloud services (including large technology companies) resort to the use of FPGA. The use of these services is usually considered to be very safe; however, specialists from the Karlsruhe Institute of Technology have discovered possible entries for malicious actors to access these services.
While a normal computer chip always performs
the same function, the FPGAs can be programmed to perform almost all functions
performed by a conventional chip, so they are almost always the first choice of
new systems or devices developers. “FPGAs can still be modified if
necessary”, says Dennis Gnad, one of the web application security
investigators.
Thanks to this versatility, FPGAs are
applicable in multiple fields such as smartphone development, network
technology, Internet, medicine and aerospace and automotive engineering. But
one of the largest fields of FPGA application is on server farms controlled by
service providers in the cloud, due to its relatively low energy consumption
compared to other technologies.
The web application security specialist
published a report detailing the security issue that this technology represents
in cloud service deployments: “Simultaneous use of a single FPGA chip
could generate a malicious user’s access point”, mentions Gnad. Exploiting
the versatility of the FPGAs, a hacker with advanced capabilities could perform
a side channel attack.
In a side channel attack, a hacker will try to
collect information about the power consumption of a chip to break its
encryption and, in the case of cloud deployments a malicious client might spy
on others.
According to the specialists from the
International Institute of Cyber Security (IICS) a hacker could not only trace
the energy consumption data of the chip, could even falsify them, thereby altering
the data of other customers’ chips or even block a chip, so all your
information would be lost.
The specialists concluded their report by
adding that other computer chips, such as those used in Internet
of Things devices (IoT), could also be exposed to similar attacks.
