Earlier today, researchers at Cambridge University found that a particular FPGA microchip, made by Microsemi/Actel in China, that’s commonly used by the US military happened to have a backdoor built into it which would essentially allow anyone with the necessary knowledge to re-program it the way they saw fit. The chip is mostly used in many systems in the military from weapons, nuclear power plants to even transport. This raised quite a row about hardware assurance in the tech and semiconductor community as well as online social networks like Twitter. While initial allegations were aimed at Chinese manufacturers, a report by Errata Security now states that the Chinese had nothing to with this after all and there is no proof or evidence that their intentions were malicious. According to Sergei Skorobogatov  of Quo Vadis Labs at Cambridge University, “Our aim was to perform advanced code breaking and to see if there were any unexpected features on the (US Military) chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.”

Falsely accused?

Falsely accused?

It’s easy to see why everyone would point fingers at China but the fact of the matter is backdoors or debugging features are usually built into microchips to allow for quick diagnostics and trouble shooting. This debug feature is usually removed before it’s shipped to customers. New microchips nowadays are usually built from building blocks rather than from scratch. One of these building blocks is the JTAG block which is used for debugging. The reason why there was an uproar is that a chip designed for military use with a debugger on board can very easily be cloned to make a hindered or thousand more chips. Competitors or worse still, terrorists groups, could easily have intercepted this and made copies which could pose a very serious security threat. We still don’t have any reply from the vendor yet regarding this issue.

Tags: , , , , , , , , , , ,