Rewterz Threat Alert – COVID-19 Phishing Email Campaign
April 21, 2020
Rewterz Threat Alert – APT41 (PIGFISH) Global Campaign Continues
April 21, 2020
Severity
Medium
Analysis Summary
Xilinx 7-series and some 6-series FPGAs have been found vulnerable to Starbleed, a new security bug that impacts Xilinx FPGA (Field Programmable Gate Array) chipsets. The bug allows attackers with either physical or remote access to extract and tamper with an FPGA’s bitstream (configuration file) and reprogram the chip with malicious code. FPGAs are add-in cards that can be added to a computer system (such as a regular desktop or a high-performance server) or used as standalone systems. They are small integrated circuit boards designed to run very specific code that the device owner programs into the FPGA based on their own needs.
FPGAs are used to optimize performance by running certain operations on the FPGA instead of the main CPU and then passing the results back to the CPU. FPGAs are also used as a separate system-on-a-chip (SoC) to power smart devices or critical infrastructure equipment. FPGA chips can be found in many safety-critical applications today, from cloud data centers and mobile phone base stations to encrypted USB sticks and industrial control systems. Their decisive advantage over conventional hardware chips with fixed functionality is that they can be reprogrammed. Researchers say the Starbleed vulnerability allows an attacker to crack the bitstream encryption and tamper with the operations stored inside the bitstream, allowing the attacker to load their own malicious code on vulnerable devices.
Starbleed attacks require physical access to the FPGA’s JTAG port; however, if the FPGA bitstream is loaded from a microcontroller or another network source, attacks can be carried out remotely by targeting the location from where the bitstream is loaded, which in many cases may be available over a network or the internet. The new generation of Xilinx UltraScale boards is not susceptible to this attack.
Impact
Malicious code execution on vulnerable devices
Affected Products
- Xilinx 7-series FPGA chips
- Some 6-series FPGA chips
Remediation
- Take measures to ensure that threat actors don’t have physical access to FPGA components and their debugging/configuration ports.
- Consider replacing the FPGA altogether: the encryption and bitstream mechanism works at the hardware level, so fixing it would require a silicon chip redesign.
- Use a chipset that uses a more advanced encryption scheme for the bitstream configuration.