Experts discovered cloud services hardware vulnerabilities

Field programmable gate arrays (FPGA) are electronic devices that can be configured to perform various tasks. According to web application security specialists, the large data centers that provide cloud services (including large technology companies) resort to the use of FPGA. The use of these services is usually considered to be very safe; however, specialists from the Karlsruhe Institute of Technology have discovered possible entries for malicious actors to access these services.

While a normal computer chip always performs the same function, the FPGAs can be programmed to perform almost all functions performed by a conventional chip, so they are almost always the first choice of new systems or devices developers. “FPGAs can still be modified if necessary”, says Dennis Gnad, one of the web application security investigators.

Thanks to this versatility, FPGAs are applicable in multiple fields such as smartphone development, network technology, Internet, medicine and aerospace and automotive engineering. But one of the largest fields of FPGA application is on server farms controlled by service providers in the cloud, due to its relatively low energy consumption compared to other technologies.

The web application security specialist published a report detailing the security issue that this technology represents in cloud service deployments: “Simultaneous use of a single FPGA chip could generate a malicious user’s access point”, mentions Gnad. Exploiting the versatility of the FPGAs, a hacker with advanced capabilities could perform a side channel attack.

In a side channel attack, a hacker will try to collect information about the power consumption of a chip to break its encryption and, in the case of cloud deployments a malicious client might spy on others.

According to the specialists from the International Institute of Cyber Security (IICS) a hacker could not only trace the energy consumption data of the chip, could even falsify them, thereby altering the data of other customers’ chips or even block a chip, so all your information would be lost.

The specialists concluded their report by adding that other computer chips, such as those used in Internet of Things devices (IoT), could also be exposed to similar attacks.