Tuesday, May 29, 2012

‘Backdoor’ in made-in-China computer chip threatens US military

No current means exists to protect hardware from viruses
The backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems 

A computer chip manufactured in China that is used in US military equipment contains a secret “backdoor” that could severely compromise security, a team of scientists from Cambridge University says. 

In a recent report, Sergei Skorobogatov, a senior research associate at the University of Cambridge’s computer laboratory, wrote that his team had developed silicon chip scanning technology that allowed them to investigate claims by various intelligence services worldwide that silicon chips could be infected by malware, such as Stuxnet, that can allow a third party to gain access to or transmit confidential data. 

Unlike software, no means currently exist to protect hardware against viruses or Trojan horses, a critical vulnerability for defense systems that are hardware-reliant. 

For its research, Skorobogatov’s team selected a chip that was manufactured in China and is used by the US military. The chip, which is prevalent in many systems used in weapons, nuclear power plants and public transport, was considered highly secure and used sophisticated encryption standards. After performing advanced code breaking, the team found a backdoor they say had been inserted by the manufacturer. 

My article, published today in the Taipei Times, continues here.

1 comment:

Mike Fagan said...

A large part of the problem surely is the procurement process for companies working under the umbrella of the U.S. military - simply buying ready-made chips out of Chinese foundries (and then checking them out later for known problems) rather than breaking up the production process across several jurisdictions to try to get the best trade off between risk reduction and cost reduction.

I can remember reading a discussion sometime last year on outsourcing manufacture of parts for commercial products to Chinese FABs. There was some bitching about low quality and the Chinese not following the design specs properly, but the guy who owned the thread made the point that the poor quality was most likely the result of poor procurement processes. He by and large got good products out of the Chinese by specifying alternative materials that he knew would be relatively easier for them to source. By taking a far more proactive approach to procurement, it may be that the Yanks can reduce the liklihood of getting both defective components and malware infested components.