Xilinx 7-series and some 6-series FPGAs are discovered to be vulnerable to new Starbleed vulnerability. It’s a new security bug that impacts Xilinx FPGA (Field Programmable Gate Arrays) chipsets. Named Starbleed, the bug allows attackers — with both physical or remote access — to extract and tamper with an FGPA’s bitstream (configuration file) to reprogram the chip with malicious code. FPGAs are add-in cards that can be added to a computer system, (such as a regular desktop, a high-performance server) or can be used as standalone systems. They are small integrated circuit boards designed to run very specific code that is programmed inside the FPGA by the device owner based on their own needs.
FPGAs are used to optimize performance by running certain operations on the FPGA instead of the main CPU, and then pass the results back to the CPU. FPGAs are also used as a separate system-on-a-chip (SoC) that can be used to power smart devices or critical infrastructure equipment. FPGA chips can be found in many safety-critical applications today, from cloud data centers and mobile phone base stations to encrypted USB-sticks and industrial control systems. Their decisive advantage lies in their reprogrammability compared to conventional hardware chips with their fixed functionalities. Researchers say the Starbleed vulnerability allows an attacker to crack the bitstream encryption and tamper with the operations stored inside the bitstream, allowing the attacker to load their own malicious code on vulnerable devices.
Starbleed attacks require physical access to the FPGA’s JTAG port; however, if the FPGA bitstream is loaded from a microcontroller or another network source, attacks can be carried out remotely by targeting the location from where the bitstream is loaded, which in many cases may be available over a network or the internet. The new generation of Xilinx UltraScale boards is not susceptible to this attack.
Malicious code execution on vulnerable devices