Security backdoor found in China-made US military chip

A microchip used by the US military and manufactured in China contains a secret "backdoor" that means it can be shut off or reprogrammed without the user knowing, according to researchers at Cambridge University's Computing Laboratory.

 Security backdoor found in China-made US military chip

A microchip used by the US military and manufactured in China contains a secret "backdoor" that means it can be shut off or reprogrammed without the user knowing, according to researchers at Cambridge University's Computing Laboratory.

UPDATE: However, one security consultancy has said that the implication that the backdoor might have been secretly inserted by the Chinese manufacturer is "bogus", and that malicious intent is unlikely.

In a draft paper, Cambridge University researcher Sergei Skorobogatov wrote that the chip in question is widely used in military and industrial applications. The "backdoor" means it is "wide open to intellectual property theft, fraud and reverse engineering of the design to allow the introduction of a backdoor or Trojan", they said.

The discovery was made during testing of a new technique to extract the encryption key from chips, developed by Cambridge spin-off Quo Vadis Labs. The "bug" is in the actual chip itself, Skorobogatov wrote, rather than the firmware installed on the devices that use it, meaning there is no way to fix it than to replace the chip altogether.

"The discovery of a backdoor in a military grade chip raises some serious questions about hardware assurance in the semiconductor industry," wrote Skorobogatov.

 

However, Robert Graham, of US security consultancy Errata Security, wrote yesterday that the backdoor is unlikely to have been added maliciously. He claims that the entry route discovered by Skorobogotov is likely to be a debugging tool deliberately installed by the manufacturer.

"It's remotely possible that the Chinese manufacturer added the functionality, but highly improbable. It's prohibitively difficult to change a chip design to add functionality of this complexity."

He also questioned the description of the chip as "military grade". "The military uses a lot of commercial, off-the-shelf products. That doesn't mean there is anything special about it."

Graham writes that the backdoor could pose a security threat, however. "It not only allows the original manufacturer to steal intellectual-property, but any other secrets you tried to protect with the original [encryption] key."

Comments (1)

National Review And The Autarky Malarkey – Riverside Green

[…] Again, however, Williamson knows his point is weak, because he uses North Korea and Venezuela as examples rather than, say, Japan or China. Both Japan and China place significant restrictions on what they will permit into the country. Some of these barriers are legal, some are societal, some are cultural, but all of them are far more effective than the weak tariffs we have on goods entering the United States. The Chinese, in particular, have proven to be far smarter than our conservative brain trust here in America. Instead of offering up airy theories about the movement of money or the freedom of commerce, they’ve focused on creating jobs, ramping up manufacturing capacity, and taking vicious advantage of every potential trade imbalance out there. That’s how China went from a “sleeping giant” to the country that created, and can likely enforce, the infamous “nine-dash line”. That’s why the United States military has to seriously worry about the idea that China has backdoored military equipment. […]