“Starbleed” Vulnerability Discovered in FPGA Chips

one month ago by Luke James

A joint research project has uncovered a critical vulnerability that is hidden inside FPGAs, computer chips that are deployed in many applications and considered to be very secure.

Scientists at Ruhr-Universität Bochum’s Horst Görtz Institute for IT Security, working in partnership with the Max Planck Institute for Security and Privacy in Germany, have discovered what they describe as a critical vulnerability in popular field-programmable gate array (FPGA) chips.


What is the ‘Starbleed’ Vulnerability?

FPGAs are highly popular because, unlike conventional chips with fixed functionality designed for a single purpose, they are flexible and reprogrammable. They can be found in many safety-critical and high-end applications, such as industrial control systems, cloud data centers, and mobile base stations.

To protect against attacks, an FPGA’s bitstream (the configuration data that defines the chip’s function) is secured by encryption. However, the German researchers were able to bypass this encryption by exploiting a bug they discovered and named “Starbleed”.

The researchers discovered Starbleed while analyzing FPGAs from one of the leading FPGA manufacturers. It allows attackers to gain complete control over an FPGA and commandeer its functionality. Unfortunately, because the Starbleed bug is built directly into the FPGA’s architecture, the security risk it poses can only be eliminated by replacing the entire chip.

[Image: circuit board] Caption: The “Starbleed” security bug identified by German researchers enables remote and complete control over FPGA chip function.

Bypassing the Bitstream’s Encryption

To bypass the encryption and decrypt the chip’s contents, the research team took advantage of the chip’s ability to be reprogrammed, using an update and fallback feature built into the FPGA itself. This allowed them to manipulate the encrypted bitstream during the configuration process, redirecting decrypted content into the WBSTAR configuration register, which can be read out after a reset.


A Considerable Issue for FPGA Security

This poses a serious problem for those using FPGAs, particularly where they are deployed in critical applications. An attacker who can access the bitstream and gain complete control of an FPGA and its functionality would not only be able to read everything stored on the chip but also manipulate it.

Although a great deal of knowledge and skill is required to pull off an attack of this nature, the researchers have shown that it is possible. What’s more, depending on where an FPGA is deployed and how it is used, there is the potential for an attack to be carried out remotely.


Alerting FPGA Manufacturers

The researchers are due to present the results of their work in full, including more details on the specifics of the Starbleed vulnerability, at the USENIX Security Symposium this August in Boston, Massachusetts, USA. In the meantime, and quite understandably, the bug’s gritty details are being kept on the down-low and disclosed only to FPGA manufacturers.