IT Security

Researchers Uncover New Security Vulnerability in FPGA Chips

Our digital world relies on a wide range of hardware components. In addition to traditional processors, FPGAs (Field Programmable Gate Arrays) are increasingly used in 5G networks, the automotive industry, and for secure cryptographic processing of sensitive data. Researchers from Ruhr University Bochum, in collaboration with a team from the Worcester Polytechnic Institute, have now introduced a novel method that exposes a security vulnerability in FPGAs, potentially putting confidential data at risk. The study was published on September 30, 2025, on the ArXiv.org platform. 

Hardware inherently produces side information during operation, such as power consumption or timing behavior. Attackers can exploit these signals in side-channel attacks to, for example, reconstruct cryptographic keys. In their paper “Chynopsis”, to be presented at the IEEE Symposium on Security and Privacy 2026, Professor Yuval Yarom and Dr. Robbie Dumitru, along with WPI collaborators, demonstrate how FPGAs can be put into a controlled sleep state without triggering built-in security mechanisms, such as the “Alert Handler.”

Bypass the protective barrier in a targeted manner

Modern FPGAs are equipped with clock and voltage sensors as well as data-clearing mechanisms designed to protect sensitive information. Chynopsis circumvents these defenses deliberately: By rapidly and precisely lowering the supply voltage (undervolting), the FPGA’s clock logic effectively stops while stored values, such as cryptographic keys, remain intact. “We aim to put the FPGA into a sleep state, hence the name Chynopsis, a portmanteau of ‘chip’ and ‘hypnosis’,” explains Yarom. The sensors often fail to react quickly enough to the abrupt voltage drop, preventing clearing or alarm routines from being triggered.

This creates a window during which attackers can probe the hardware in detail. Using specialized measurement techniques, such as laser logic state imaging (LLSI) or electrical impedance analysis, it becomes possible to extract data – e.g., secret keys used for secure authentication – which remains stored on the chip.
The researchers demonstrated that this attack is not merely theoretical: they successfully targeted OpenTitan FPGA implementations and bypassed the Alert Handler, which normally responds to such threats. The vulnerability was reported to two FPGA manufacturers, AMD (formerly Xilinx) and Microchip, through a responsible disclosure process. At the same time, the team provided and validated a concrete proposal for mitigating the issue, aiming to improve the security of both future and currently deployed FPGAs.