NEWS STARBLEED VULNERABILITY
Samsung to use
Versal ACAPs in
5G deployments
Xilinx has announced that its Versal
adaptive compute acceleration platform
(ACAP) is to be used by Samsung for
worldwide 5G commercial deployments.
Versal ACAPs provide a flexible and
scalable platform that is able to address
multiple operator requirements across
multiple geographies.
“Samsung has been working closely
with Xilinx, paving the way for enhancing
our 5G technical leadership and opening
up a new era in 5G,” explained Jaeho Jeon,
executive vice president and head of R&D,
Networks business, Samsung Electronics.
“Taking a step further by applying Xilinx’s
new advanced platform to our solutions,
we expect to increase 5G performance and
accelerate our leadership position in the
global market.”
Versal ACAP is a highly-integrated,
multicore, heterogeneous compute platform,
and is used at the heart of 5G to perform
complex, real-time signal processing,
including sophisticated beamforming
techniques that are used to increase
network capacity.
Critical ‘starbleed’ vulnerability
found in FPGA chips
RESEARCHERS IDENTIFY A CRITICAL VULNERABILITY
HIDDEN IN FPGAS. NEIL TYLER REPORTS
Scientists from the Horst Görtz Institute for IT Security at Ruhr-
Universität Bochum and from Max Planck Institute for Security and
Privacy have discovered a critical vulnerability hidden inside Field
Programmable Gate Arrays (FPGAs).
The security bug, named “Starbleed”, enables attackers to gain
complete control over the chips and their functionalities. Since the
bug is integrated into the hardware, the security risk can only be removed by replacing the chips.
Xilinx, the manufacturer of the FPGAs, has been informed by the researchers and has already
reacted to the threat.
The linchpin of FPGAs is the bitstream, a file that is used to program the FPGA. In order to
protect it adequately against attacks, the bitstream is secured by encryption methods, and it was
this protected bitstream that Dr. Amir Moradi and Maik Ender from Horst Görtz Institute, in
cooperation with Professor Christof Paar from the Max Planck Institute in Bochum, Germany,
were able to decrypt, gaining access to the file content and modifying it.
The scientists analysed FPGAs from Xilinx and found that the “Starbleed” vulnerability affected
the company’s 7-series FPGAs and the four FPGA families Spartan, Artix, Kintex and Virtex as
well as the previous version Virtex-6. “We informed Xilinx about this vulnerability and subsequently
worked closely with them during the vulnerability disclosure process. Furthermore, it appears
highly unlikely that this vulnerability will occur in the manufacturer’s latest series,” reported Amir
Moradi. Xilinx will also publish information on its website for affected customers.
To overcome the encryption, the research team took advantage of the central property of
the FPGAs: the possibility of reprogramming. This is done by an update and fallback feature in
the FPGA itself, which revealed itself as a weakness and gateway. The scientists were able to
manipulate the encrypted bitstream during the configuration process to redirect its decrypted
content to the WBSTAR configuration register, which can be read out after a reset.
“If an attacker gains access to the bitstream, he also gains complete control over the FPGA. It
is also possible to insert hardware Trojans into the FPGA by manipulating the bitstream,” explained
Christof Paar.
However, as the security gap is located in the hardware itself, a Xilinx spokesperson said
that the only proven way to perform the so-called “Starbleed” attack was to have close, physical
access to the system. “It is important to recognise that when an adversary has close, physical
access to the system there are many other threats to be concerned about. We advise all of our
customers that they should design their systems with tamper protection such that close, physical
access is difficult to achieve.”
• The security researchers will present the results of their work at the 29th Usenix Security
Symposium to be held in August in Boston, Massachusetts, USA.
Qualcomm and BOE announce collaboration
Qualcomm Technologies and BOE Technology
Group, a display specialist, are establishing
a strategic collaboration to develop display
products featuring Qualcomm 3D Sonic
ultrasonic fingerprint sensors.
The collaboration is expected to
extend from mobile and associated 5G
technologies to XR and IoT and will look to
deliver consumers improved levels of device
performance as a result of the integration of
the companies’ multiple key technologies,
including sensors, antennae, display and
picture processing.
Both companies have already started
working on incorporating value-added and
distinctive features to BOE’s flexible OLED
panels, including Qualcomm’s 3D Sonic
sensor bringing a more streamlined solution,
enabling smartphone OEMs to create more
differentiated products using the thinnest and
highest security fingerprint solution currently
on the market.
Other benefits from the collaboration
include a more streamlined supply chain and
reduced BoM and R&D expenses. Based on
the collaboration, BOE will offer integrated
displays with Qualcomm 3D Sonic fingerprint
sensors and commercial devices featuring
this integrated solution are expected to be
available in the second half of 2020.
28 April 2020 www.newelectronics.co.uk