Scientists at Ruhr-Universität Bochum's Horst Görtz Institute for IT Security, in partnership with the Max Planck Institute for Security and Privacy in Germany, have together discovered what they describe as a critical vulnerability in popular field-programmable gate array (FPGA) chips.
What is the "Starbleed" Vulnerability?
Because they are flexible and reprogrammable, in contrast to conventional chips with fixed functionality designed for a single purpose, FPGAs are highly popular. They can be found in many safety-critical and high-level applications, such as industrial control systems, cloud data centers, and mobile base stations.
To protect against attacks, an FPGA's bitstream is secured by encryption. However, the German researchers were able to bypass this encryption by exploiting a bug they discovered and named "Starbleed".
Starbleed was discovered by the researchers while they were analyzing FPGAs from one of a number of leading FPGA manufacturers. It allows attackers to gain complete control over FPGAs and commandeer their functionality. Unfortunately, because the Starbleed bug is built directly into the FPGA's architecture, the security risk it poses can only be solved by replacing the entire chip.
The "Starbleed" security bug identified by German researchers enables remote and complete control over FPGA chip function.
Bypassing the Bitstream's Encryption
To bypass the encryption and decrypt the chip's contents, the research team took advantage of the chip's ability to be reprogrammed. They did this by using an update and fallback feature built into the FPGA itself. This allowed them to manipulate the encrypted bitstream during the configuration process by redirecting decrypted content to the WBSTAR configuration register, which can be read out after a reset.
A Considerable Issue for FPGA Security
This obviously poses a serious problem for those using FPGAs, particularly where they are deployed in critical applications. If an attacker is able to access the bitstream and gain complete control of an FPGA and its functionality, they would not only be able to read everything that is stored on the chip but also manipulate it.
Although a great deal of knowledge and skill is required to pull off an attack of this nature, the researchers have shown that it is possible. What's more, there is the potential for an attack to be carried out remotely, depending on where an FPGA is deployed and how it is used.
Alerting FPGA Manufacturers
The researchers are due to present the results of their work in its entirety, including more details surrounding the specifics of the Starbleed vulnerability, at the USENIX Security Symposium this August in Boston, Massachusetts, USA. In the meantime, and quite understandably, the bug's gritty details are being kept on the down-low and disclosed only to FPGA manufacturers.