A team of academics says they’ve discovered a new security bug that impacts Xilinx FPGA (Field Programmable Gate Arrays) chipsets.
Named Starbleed, the bug allows attackers — with both physical or remote access — to extract and tamper with an FGPA’s bitstream (configuration file) to reprogram the chip with malicious code.
What are FPGAs?
FPGAs are add-in cards that can be added to a computer system, (such as a regular desktop, a high-performance server) or can be used as standalone systems. They are small integrated circuit boards designed to run very specific code that is programmed inside the FPGA by the device owner based on their own needs.
While once looked upon as an amateur branch of computer programming, FPGAs now account for a huge market, due to the increasing use.
Today, FPGAs are used to optimize performance by running certain operations on the FPGA instead of the main CPU, and then pass the results back to the CPU.
In other cases, FPGAs are also used as a separate system-on-a-chip (SoC) that can be used to power smart devices or critical infrastructure equipment.
“FPGA chips can be found in many safety-critical applications today, from cloud data centers and mobile phone base stations to encrypted USB-sticks and industrial control systems,” academics from the Horst Görtz Institute for IT Security at Ruhr-Universität Bochum and the Max Planck Institute for Security and Privacy, said in a press release last week.
“Their decisive advantage lies in their reprogrammability compared to conventional hardware chips with their fixed functionalities,” researchers said.
This “reprogrammability” refers to the fact that users can load their own configurations (suite of operations) that the FPGA will perform. This configuration is called the “bitstream,” and is usually stored and loaded in an encrypted fashion from an external medium — such as SRAM non-volatile memory or from an external microcontroller’s firmware.
The Starbleed vulnerability
In a research paper published last week, academics said they found a security flaw in FPGA chipsets sold by US company Xilinx, today’s FPGA market leader.
Xilinx FPGAs like the 7-series (families Spartan, Artix, Kintex and Virtex) and 6-series (Virtex) were found to be vulnerable.
Researchers say the Starbleed vulnerability allows an attacker to crack the bitstream encryption and tamper with the operations stored inside the bitstream, allowing the attacker to load their own malicious code on vulnerable devices.
“On these devices, the bitstream encryption provides authenticity by using an SHA-256 based HMAC and also provides confidentiality by using CBC-AES-256 for encryption,” researchers said.
“By our attack, we can circumvent the bitstream encryption and decrypt an assumedly secure bitstream on all Xilinx 7-Series devices completely and on the Virtex-6 devices partially.”
Researchers say Starbleed attacks require physical access to the FPGA’s JTAG port; however, if the FPGA bitstream is loaded from a microcontroller or another network source, attacks can be carried out remotely by targeting the location from where the bitstream is loaded, which in many cases may be available over a network or the internet, unlike the FPGAs themselves.
No expensive equipment needed
Researchers also say that the Starbleed attack they came up with is also different from previous exploits.
“The known attacks to the Xilinx bitstream encryption on 7-Series devices are all physical in nature (side-channel analysis, optical contactless probing), and are mostly costly in terms of equipment, time, and technical expertise. Plus, they need physical access to the FPGA,” academics said.
“In contrast, our attack requires only access to a JTAG or SelectMAP interface, which is often available through the debugging nature of the JTAG interface or may be even available via a remote channel.”
While stealing or tampering with an FPGA’s bitstream might seem like overkill or a waste of time, researchers argue that the security of these devices is paramount.
“Intellectual properties included in the bitstream can be stolen. It is also possible to insert hardware Trojans into the FPGA by manipulating the bitstream,” said Christof Paar, a professor at the Max Planck Institute for Security and Privacy.
“Although detailed knowledge is required, an attack can eventually be carried out remotely, the attacker does not even have to have physical access to the FPGA,” Prof. Parr added.
Replacing the chip may be needed in some cases
Parr and his colleagues believe there is no way to fix these issues they found except replacing the FPGA altogether, as the encryption and bitstream mechanism is designed to work at a hardware level and would require a silicon chip redesign.
The research team said they notified Xilinx of the Starbleed vulnerability last year, in September, and that the company responded positively during the reporting process, agreeing to notify customers of the danger.
In a statement provided via email today, Xilinx admitted that the Startbleed attack was possible, but played down the danger.
Instead, the company said it told customers to take measures to ensure that threat actors don’t have physical access to FPGA cmponents and their debugging/configuration ports.
“We have read the paper and have issued a security advisory to our customer addressing it, located here. The only proven way to perform the so-called ‘Starbleed’ attack is to have close, physical access to the system. It is also important to recognize that when an adversary has close, physical access to the system there are many other threats to be concerned about. We advise all of our customers that they should design their systems with tamper protection such that close, physical access is difficult to achieve.”
While some Xilinx FPGAs could be secured against physical access, or scenarios where the bitstream is remotely accessible, not all devices can be protected.
In the case of these devices, if they run critical systems, replacing the chipset with one that uses a more advanced encryption scheme for the bitstream configuration is desired.
The good news is that the new generation of Xilinx UltraScale boards is not susceptible to this attack, according to the research team, so device owners aren’t without options if they need to take this step.
Additional details are available in a research paper [PDF] published last week and titled “The Unpatchable Silicon: A Full Break of the Bitstream Encryption of Xilinx 7-Series FPGAs.”