Critical 'starbleed' vulnerability in chips identified

erek
Hmm, bogus. Wonder how big of an impact this will be, or if it's limited.

"To overcome the encryption, the research team took advantage of the central property of the FPGAs: the possibility of reprogramming. This is done by an update and fallback feature in the FPGA itself, which revealed itself as a weakness and gateway. The scientists were able to manipulate the encrypted bitstream during the configuration process to redirect its decrypted content to the WBSTAR configuration register, which can be read out after a reset.

Thus, the advantage of individually reprogramming the chips turns into a disadvantage, as the scientists show in their research work - with severe consequences: "If an attacker gains access to the bitstream, he also gains complete control over the FPGA. Intellectual properties included in the bitstream can be stolen. It is also possible to insert hardware Trojans into the FPGA by manipulating the bitstream. Since the security gap is located in the hardware itself, it can only be closed by replacing the chip," explains Christof Paar, adding: "Although detailed knowledge is required, an attack can eventually be carried out remotely, the attacker does not even have to have physical access to the FPGA.""


https://www.eurekalert.org/pub_releases/2020-04/rb-cv041620.php
 
This might be a big threat to bitcoin miners, don't they use fpgas?
 
Wow! Going to rip out all the FPGAs in my systems, ASAP.
All zero of them?

Actually, if you have a display panel with an actual GSync module, it's most likely using an FPGA. However, I highly doubt Nvidia populates the pins required for programming.
 
All zero of them?

Yes. All zero of them. Will be time-consuming... but this is the time to make big deals out of nothing.

Actually, if you have a display panel with an actual GSync module, it's most likely using an FPGA. However, I highly doubt Nvidia populates the pins required for programming.

And rip out the LCD panels. Pull the CRTs out of the landfills and test the earthing on the flyback transformers for FPGA contamination.
 
Dunno which FPGA they speak of. All the ones I mess with are like a blank slate that loads from USB or external eeprom.
Must have integrated bootloader that can be remotely corrupted? This "vulnerability" doesn't smell exploitable...
 
This might be a big threat to bitcoin miners, don't they use fpgas?

Really old Bitcoin miners use FPGAs, but they've long since moved to ASICs. They may use some FPGAs to control all of the ASICs though.
 
If you want an example of a pretty common area for FPGAs that are reprogrammable in the consumer device: AV equipment, in particular receivers and TVs, very commonly uses FPGAs, and usually they can be reprogrammed. That's actually part of the reason they use them: not just to avoid having to spin a dedicated chip, but because it means functionality at the hardware level can be changed later, as needed.

You don't see them in computers much because computers have such a powerful CPU that you do most everything in software, but they get a lot of use in consumer devices.
 
You cannot just burn a section of an FPGA randomly with your new code. It will very likely cause the whole thing to be useless unless you know the full detailed architecture of the FPGA you are trying to target. This would make the attack far more limited.
 
ya this is probably more of a state-level type thing, someone trying to hack an FPGA in a VPN appliance or something
 
ya this is probably more of a state-level type thing, someone trying to hack an FPGA in a VPN appliance or something
Basically that; probably trying to find a way in to steal more crypto coins, since there is no money in breaking a random VPN.
 
Dunno which FPGA they speak of. All the ones I mess with are like a blank slate that loads from USB or external eeprom.
Must have integrated bootloader that can be remotely corrupted? This "vulnerability" doesn't smell exploitable...
Sorry, I decided to stalk your posts from the ATX12VO thread :p.
Anyways, I'm kind of late, but many modern FPGAs have a bitstream encryption/authentication configuration. With authentication, the FPGA should only run a bitstream that is cryptographically signed by an authorized user. With encryption, the bitstream should be indecipherable to anyone but the internal FPGA logic (and the original authors of the bitstream).

The encrypted and/or signed bitstream is loaded into the flash (external or internal; some FPGAs have internal flash...). The FPGA must decrypt and/or authenticate the bitstream before programming its SRAM on power-up.

This paper is directly attacking those functions (I think specifically the encryption function). This makes those features useless.
 
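The two things the thread circles around, the press release's "manipulate the encrypted bitstream ... to redirect its decrypted content to the WBSTAR configuration register" and the last post's description of bitstream encryption versus authentication, can be modelled in a few dozen lines. What follows is an added toy example, not code from the paper, the press release, or any FPGA vendor, and it makes several labelled assumptions: the configuration stream is encrypted in CBC mode (a small Feistel network over HMAC-SHA256 stands in for AES so that it runs with only the standard library), each 16-byte record is "register id + 12-byte payload", the register ids (including the one labelled WBSTAR) are made up, and the loader either interprets records as they are decrypted and checks a MAC last (the weak ordering) or verifies the MAC over the ciphertext before interpreting anything (the hardened ordering). The attacker never holds the key; it only XORs a delta into one ciphertext block, which in CBC flips the same bits in the next plaintext block.

```python
"""Added toy model (not the paper's or any vendor's code): an encrypted configuration
stream that is interpreted before it is authenticated is malleable. Feistel/HMAC-SHA256
stands in for AES; CBC mode; record format, register ids and loader behaviour are hypothetical."""
import hashlib, hmac, struct

BLOCK = 16
# Hypothetical register ids; only the name WBSTAR comes from the article.
REG_NOP = 0x00
REG_DATA = 0x02     # where configuration data normally goes (hypothetical)
REG_WBSTAR = 0x10   # register readable after a reset (id hypothetical)
KNOWN = {REG_NOP, REG_DATA, REG_WBSTAR}

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key: bytes, blk: bytes) -> bytes:
    """Toy 128-bit block cipher: 8-round Feistel network, stand-in for AES."""
    l, r = blk[:8], blk[8:]
    for rnd in range(8):
        l, r = r, xor(l, _round(key, rnd, r))
    return l + r

def block_decrypt(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(8)):
        l, r = xor(r, _round(key, rnd, l)), l
    return l + r

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(xor(block_decrypt(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)

def tag(key: bytes, iv: bytes, ct: bytes) -> bytes:
    """MAC over IV+ciphertext under a key derived from the device key."""
    mac_key = hashlib.sha256(b"mac|" + key).digest()
    return hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def record(reg: int, payload: bytes) -> bytes:
    """One 16-byte record: little-endian register id + 12-byte payload (hypothetical format)."""
    return struct.pack("<I12s", reg, payload)

def redirect_write(ct: bytes, index: int, from_reg: int, to_reg: int) -> bytes:
    """CBC malleability: a delta XORed into ciphertext block i-1 is XORed into plaintext
    block i on decryption (plaintext block i-1 turns into garbage). No key needed."""
    assert index >= 1
    patched, off = bytearray(ct), (index - 1) * BLOCK
    for k, d in enumerate(struct.pack("<I", from_reg ^ to_reg)):
        patched[off + k] ^= d
    return bytes(patched)

def interpret(pt: bytes) -> dict:
    """Hypothetical lenient loader: applies known register writes, ignores unknown ids."""
    regs = {}
    for i in range(0, len(pt), BLOCK):
        reg, payload = struct.unpack("<I12s", pt[i:i + BLOCK])
        if reg in KNOWN:
            regs[reg] = payload
    return regs

def naive_loader(key, iv, ct, mac):
    """Decrypt-then-interpret: the writes happen first, the MAC is checked last."""
    regs = interpret(cbc_decrypt(key, iv, ct))
    return hmac.compare_digest(mac, tag(key, iv, ct)), regs

def hardened_loader(key, iv, ct, mac):
    """Verify-then-decrypt: nothing is interpreted unless the MAC over the ciphertext matches."""
    if not hmac.compare_digest(mac, tag(key, iv, ct)):
        return False, {}
    return True, interpret(cbc_decrypt(key, iv, ct))

def demo() -> dict:
    key = hashlib.sha256(b"constructed device key").digest()   # constructed
    iv = hashlib.sha256(b"constructed iv").digest()[:BLOCK]     # constructed
    secret = b"core-netlist"  # constructed stand-in for the design's configuration data
    pt = record(REG_NOP, b"") + record(REG_DATA, secret) + record(REG_NOP, b"")
    ct = cbc_encrypt(key, iv, pt)
    mac = tag(key, iv, ct)
    # Attacker retargets record 1 from REG_DATA to REG_WBSTAR by editing ciphertext block 0.
    evil = redirect_write(ct, 1, REG_DATA, REG_WBSTAR)
    naive_ok, naive_regs = naive_loader(key, iv, evil, mac)
    hard_ok, hard_regs = hardened_loader(key, iv, evil, mac)
    return {"naive_mac_ok": naive_ok,                     # False, but the write already happened
            "naive_wbstar": naive_regs.get(REG_WBSTAR),   # the secret payload now sits in WBSTAR
            "hardened_ok": hard_ok,                       # False, and nothing was written
            "hardened_wbstar": hard_regs.get(REG_WBSTAR)}  # None
```

The point the model makes is about ordering, not cipher strength: the attacker never decrypts anything, it only relies on CBC's structure to move an already-encrypted payload to a different destination register, and a loader that acts on decrypted records before the integrity check finishes has already leaked. Whether a real device's readback of WBSTAR, its record format or its exact mode match this toy is an assumption here; the press release only says the decrypted content was redirected to WBSTAR and read after a reset.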