Security backdoor found in China-made US military chip

US military chip vulnerable to "IP theft, fraud and Trojans", researchers findCambridge University researchers find that a microprocessor used by the US military but made in China contains secret remote access capability

A microchip used by the US military and manufactured in China contains a secret “backdoor” that means it can be shut off or reprogrammed without the user knowing, according to researchers at Cambridge University’s Computing Laboratory.

UPDATE: However, one security consultancy has said that the implication that the backdoor might have been secretly inserted by the Chinese manufacturer is “bogus”, and that malicious intent is unlikely.

In a draft paper, Cambridge University researcher Sergei Skorobogatov wrote that the chip in question is widely used in military and industrial applications. The “backdoor” means it is “wide open to intellectual property theft, fraud and reverse engineering of the design to allow the introduction of a backdoor or Trojan”, they said.

The discovery was made during testing of a new technique to extract the encryption key from chips, developed by Cambridge spin-off Quo Vadis Labs. The “bug” is in the actual chip itself, Skorobogatov wrote, rather than the firmware installed on the devices that use it, meaning there is no way to fix it than to replace the chip altogether.

“The discovery of a backdoor in a military grade chip raises some serious questions about hardware assurance in the semiconductor industry,” wrote Skorobogatov.

More…

    
Plugin by: PHP Freelancer
This entry was posted in Editorial, War and tagged , , , , . Bookmark the permalink.
0 0 votes
Article Rating
1 Comment
Oldest
Newest
Inline Feedbacks
View all comments
Hans
Hans
12 years ago

And this threat extends beyond the military, to civilian aircraft systems …

http://www.guardian.co.uk/technology/2012/may/29/cyber-attack-concerns-boeing-chip

“Among applications where the ProASIC3 are used are remote surveillance systems, drones, and for flight-critical applications on the new Boeing 787 Dreamliner.

Actel did not respond to requests for comment by the time of publication.

Rik Ferguson, director of security research at the online security company Trend Micro, said: “This kind of flaw that gives somebody access right into the device has inherent flaws. The fact that it’s in the hardware will certainly make it harder – if not impossible – to eradicate.