A microchip used by the US military and manufactured in China contains a secret “backdoor” that means it can be shut off or reprogrammed without the user knowing, according to researchers at Cambridge University’s Computing Laboratory.
UPDATE: However, one security consultancy has said that the implication that the backdoor might have been secretly inserted by the Chinese manufacturer is “bogus”, and that malicious intent is unlikely.
In a draft paper, Cambridge University researcher Sergei Skorobogatov wrote that the chip in question is widely used in military and industrial applications. The “backdoor” means it is “wide open to intellectual property theft, fraud and reverse engineering of the design to allow the introduction of a backdoor or Trojan”, they said.
The discovery was made during testing of a new technique to extract the encryption key from chips, developed by Cambridge spin-off Quo Vadis Labs. The “bug” is in the actual chip itself, Skorobogatov wrote, rather than the firmware installed on the devices that use it, meaning there is no way to fix it than to replace the chip altogether.
“The discovery of a backdoor in a military grade chip raises some serious questions about hardware assurance in the semiconductor industry,” wrote Skorobogatov.
However, Robert Graham, of US security consultancy Errata Security, wrote yesterday that the backdoor is unlikely to have been added maliciously. He claims that the entry route discovered by Skorobogotov is likely to be a debugging tool deliberately installed by the manufacturer.
“It’s remotely possible that the Chinese manufacturer added the functionality, but highly improbable. It’s prohibitively difficult to change a chip design to add functionality of this complexity.”
He also questioned the description of the chip as “military grade”. “The military uses a lot of commercial, off-the-shelf products. That doesn’t mean there is anything special about it.”
Graham writes that the backdoor could pose a security threat, however. “It not only allows the original manufacturer to steal intellectual-property, but any other secrets you tried to protect with the original [encryption] key.”