Starbleed: Low-level security gap in hardware of many IT and OT systems

25. May, 2020

Field Programmable Gate Arrays (FPGAs) are programmable additional circuits. They are often key components of security-relevant system functions and are used, for example, in servers in data centers, in routers or in firewalls. They are also frequently found in workstation computers and more complex industrial and IoT systems, where they monitor and control essential logical functions.

A big advantage of FPGA chips is the flexible programming of the required logical connections and functions. In contrast to fixed logic circuits, the same device can be configured differently and can also be expanded or adapted afterwards. The configuration is mapped via the so-called “bitstream” and secured by encryption to prevent unauthorized access and manipulation.

Fundamental weakness in chip design

Until now, FPGA chips were considered very secure, which is why they were often used for deep system functions. However, a joint research project by the Horst Götz Institute at the Ruhr University of Bochum and the Max Planck Institute demonstrates a fundamental security gap.[1] The special feature of this weakness, known as ” Starbleed”, is that the problem lies in the design of the chips and can only be solved by replacing them.

The error in the programming and update process allows functions to be read out and modified program sequences to be inserted. Theoretically, the vulnerability can also be exploited remotely. The tools required for an attack are usually available directly in the affected systems.

Manufacturer provides recommendations for protection

In a statement, Xilinx as the manufacturer of the affected chips confirms the basic findings of the researchers, but also points out how important system-related safeguards of the access and programming interfaces are. In accordance with the recommendations, the components should only have protected remote access options.

Subsequent protection of affected systems should be at least partially possible. For critical systems that cannot receive an update or patch, the only option is to replace or physically upgrade the affected subcomponents, e.g. the mainboard. Newer versions of the FPGA chips should not be vulnerable. [2]

It is therefore particularly important in the first step to identify the systems affected by the vulnerability in order to make appropriate decisions and initiate necessary measures. Please refer to the publications of your suppliers!

[1] https://www.usenix.org/conference/usenixsecurity20/presentation/ender

[2] https://www.zdnet.com/article/starbleed-bug-impacts-fpga-chips-used-in-data-centers-iot-devices-industrial-equipment/

Red Teams, Blue Teams, Purple Teaming

Living Off the Land attacks

MSSP of the Year 2024

SIEM

What is a SIEM?

Nozomi Guardian Air
HarfangLab Guard
MITRE ATT&CK Framework
v.l.n.r.: Joe Pichlmayr (CEO IKARUS) – Anouck Teiller (CSO HarfangLab) –Alexander van der Bellen (Bundespräsident Österreich) - Frédéric Joureau (Erster Botschaftsrat der französischen Botschaft in Wien) – Christian Fritz (COO IKARUS)
EDR
Cyber Kill Chain
Business Email Compromise
Prognosen für die zehn größten Cybersecurity-Bedrohungen für 2030
E-Mail Verschlüsselung
Schritt für Schritt zum Notfallplan für IT-Security-Incidents
Account Management
Bedrohung

WE ARE LOOKING FORWARD TO HEARING FROM YOU!

IKARUS Security Software GmbH Blechturmgasse 11
1050 Vienna

Phone: +43 1 58995-0
Sales Hotline:
+43 1 58995-500
sales@ikarus.at

SUPPORT HOTLINE

Support hotline:
+43 1 58995-400
support@ikarus.at

Support hours:
Mon – Thu: 8am – 5pm
Fri: 8am – 3pm
24/7 support by arrangement

Remote maintenance software:
AnyDesk Download