¡¥Backdoor¡¦ in
made-in-China computer chip threatens US military: scientists
By J. Michael Cole / Staff reporter
A computer chip manufactured in China that is used in US military equipment
contains a secret ¡§backdoor¡¨ that could severely compromise security, a team of
scientists from Cambridge University says.
In a recent report, Sergei Skorobogatov, a senior research associate at the
University of Cambridge¡¦s computer laboratory, wrote that his team had developed
silicon chip scanning technology that allowed them to investigate claims by
various intelligence services worldwide that silicon chips could be infected by
malware, such as Stuxnet, that can allow a third party to gain access to or
transmit confidential data.
Unlike software, no means currently exist to protect hardware against viruses or
Trojan horses, a critical vulnerability for defense systems that are
hardware-reliant.
For its research, Skorobogatov¡¦s team selected a chip that was manufactured in
China and is used by the US military. The chip, which is prevalent in many
systems used in weapons, nuclear power plants and public transport, was
considered highly secure and used sophisticated encryption standards.
After performing advanced code breaking, the team found a backdoor they say had
been inserted by the manufacturer.
¡§This backdoor has a key, which we were able to extract,¡¨ Skorobogatov wrote on
his Web site, discussing what he referred to as hardware assurance. ¡§If you use
this key you can disable the chip or reprogram it at will, even if locked by the
user with their own key.¡¨
The backdoor access could be turned into an advanced Stuxnet weapon to attack
potentially millions of systems, he wrote, adding that the scale and range of
the attacks that could be launched using it had huge implications for national
security and public infrastructure.
The Cambridge team did not specify the Chinese manufacturer, nor did it mention
whether this was an isolated case or signs of a wider trend, according to the
online-based The Next Web.
Reports last year claimed that the US Navy had purchased 59,000 microchips in
2010 for use in missiles and transponders that turned out to be counterfeits
from China. According to Wired magazine, the fake chips also contained
¡§backdoors¡¨ that could have allowed a third party to remotely disable them at
any time, severely compromising homing systems and friend-or-foe signals used by
aircraft.
The discovery prompted the Intelligence Advanced Research Projects Agency to
seek ways to scan hardware ¡X including computer chips ¡X for the presence of
malware installed during the production process.
|