Starbleed bug threatens FPGA chipsets used at data centers, IoT devices around the world

Xilinx chipsets at risk of attack, researchers claim

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Researchers have uncovered a new security bug allowing attackers to extract data by tampering with the configuration files of small integrated circuit boards found in many desktops and high-performance servers.

The new bug, dubbed ‘Starbleed’, allows physical and remote access attacks on chipsets manufactured by Xilinx, resulting in the extraction of data and tampering with the files to reprogram the chip with malicious code.

The Xilinx Field Programmable Gate Array (FPGA) chipsets are used as add-in cards on regular desktops, servers and even as standalone systems. These small integrated circuit boards run specific code programmed inside the FPGA by the device owner to suit their specific requirements.

Starbleed

Starbleed

Researchers at the Horst Görtz Institute for IT Security at Ruhr-Universität Bochum and the Max Planck Institute for Security and Privacy believe that the FPGA chips are now found in several critical applications such as data centers to mobile base stations and encrypted USB sticks.

The re-programmability of the chipsets brings the decisive advantage as users can load their own configurations that get stored and loaded in encrypted fashion from an external medium like the SRAM non-volatile memory or in the form of an external microcontroller firmware.

The team found this vulnerability to exist in FGPA chipsets like the 7 series and the 6 series sold by Xilinx. They said the Starbleed allows attackers to crack the encrypted configurations within the chip and tamper with the operations stored inside in order to load malware.

Christof Paar, a professor at the Max Planck Institute for Security and Privacy says there is no way to fix these issues except to replace the FPGA, given that the encryption and the bitstream mechanism work at the hardware level and require a redesign of the chip.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

On its part, Xilinx responded positively to the vulnerability that the team reported last September. The manufacturer notified customers to take steps to ensure that the threat actors did not have physical access to the FPGA components and their configuration ports. Moreover, the new generation of Xilinx UltraScale boards are not susceptible to such attacks, the team said.

Via:Helpnetsecurity

Jitendra has been working in the Internet Industry for the last 7 years now and has written about a wide range of topics including gadgets, smartphones, reviews, games, software, apps, deep tech, AI, and consumer electronics.

A new form of macOS malware is being used by devious North Korean hackers

Ulefone Armor 27T Pro rugged phone review

We might have our first look at the long-rumored Samsung tri-fold