The research was conducted on Xilinx FPGAs, and several series of devices were shown to be vulnerable, although the attack does require the attacker to have access to the FPGA's configuration port. In theory, for wirelessly connected systems in which that port is reachable, it could be possible to exploit the vulnerability remotely. The authors say they have informed Xilinx about the vulnerability.
The researchers have called the bug 'Starbleed' because they have found a way to redirect bitstream data into the WBSTAR configuration register, whose contents can then be read out over the configuration port after a reset.
Using this method, the researchers have shown that it is possible to gain complete control over the chips and their functionality. This could include the theft of the intellectual property (IP) contained in the design or the injection of 'Trojan horse' circuitry. And because the flaw is in the hardware itself, it cannot be patched with software; the only fundamental fix, the researchers said, is to replace the chips.
A research paper on the topic, 'The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs', has been accepted for the USENIX Security Symposium, due to take place in Boston, Massachusetts, in August 2020.
In the paper the authors discuss attacks on the encrypted programming bitstream of Xilinx 7-Series (and Virtex-6) FPGAs. The FPGA's own configuration logic decrypts the bitstream, and it is this decryption engine that the attacks turn against the device. The authors state that the attack does not require sophisticated tools and needs only access to the configuration port; depending on the system architecture, they say, an attack could be launched remotely. In addition to the attacks, the authors discuss countermeasures in the paper.