Researchers have uncovered a new security bug allowing attackers to extract data by tampering with the configuration files of small integrated circuit boards found in many desktops and high-performance servers.
The new bug, dubbed ‘Starbleed’, allows physical and remote access attacks on chipsets manufactured by Xilinx, resulting in the extraction of data and tampering with the files to reprogram the chip with malicious code.
The Xilinx Field Programmable Gate Array (FPGA) chipsets are used as add-in cards on regular desktops, servers and even as standalone systems. These small integrated circuit boards run specific code programmed inside the FPGA by the device owner to suit their specific requirements.
Researchers at the Horst Görtz Institute for IT Security at Ruhr-Universität Bochum and the Max Planck Institute for Security and Privacy believe that the FPGA chips are now found in several critical applications such as data centers to mobile base stations and encrypted USB sticks.
The re-programmability of the chipsets brings the decisive advantage as users can load their own configurations that get stored and loaded in encrypted fashion from an external medium like the SRAM non-volatile memory or in the form of an external microcontroller firmware.
The team found this vulnerability to exist in FGPA chipsets like the 7 series and the 6 series sold by Xilinx. They said the Starbleed allows attackers to crack the encrypted configurations within the chip and tamper with the operations stored inside in order to load malware.
Christof Paar, a professor at the Max Planck Institute for Security and Privacy says there is no way to fix these issues except to replace the FPGA, given that the encryption and the bitstream mechanism work at the hardware level and require a redesign of the chip.
On its part, Xilinx responded positively to the vulnerability that the team reported last September. The manufacturer notified customers to take steps to ensure that the threat actors did not have physical access to the FPGA components and their configuration ports. Moreover, the new generation of Xilinx UltraScale boards are not susceptible to such attacks, the team said.