Slashdot Mirror

← Back to Stories (view on slashdot.org)

Counterfeit Chips Raise New Terror, Hacking Fears

Posted by Zonk on from the its-dah-end-oh-dah-woild dept.

mattnyc99 writes "We've seen overtures by computer manufacturers to build in chip security before, but now Popular Mechanics takes a long look at growing worries over counterfeit chips, from the military and FAA to the Department of Energy and top universities. While there's still never been a fake-chip sabotage or info hack on America by foreign countries or rogue groups, this article suggests just how easy it would be for chips embedded with time-release cripple coding to steal data or bring down a critical network - and how that's got Homeland shaking in its boots (but not Bruce Schneier). While PopMech has an accompanying story on the possible end of cheap gadget manufacturing in China as inflation rates soar there, it's the global hardware business in general that has DoD officials freaking out over chips."

3 of 173 comments (clear)

  1. ARRRGH! TERROR! by Jeremiah+Cornelius · · Score: 5, Insightful

    EVERYTHING is now a "terror threat".

    Do you suppose someone figured out that "terror" is a funding goldmine? That the way to ride this gravy-train was to pump up the volume on the "terror" megaphone?

    It's pretty funny - 'til the unintended consequences land you "in internal exile", or "extraordinary rendition".

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
  2. Re:TFA by zappepcs · · Score: 5, Insightful

    I think you are pretty much right on target. An errant USB stick with malicious firmware could easily wait until it is plugged into a machine on a network with the desired domain name before releasing a small virus. It is not implausible, nor hard to understand this attack vector. That USB stick might be in the form of a cheap MP3 player.

    Without spraying details all over, there are many more ways to get a small piece of code inside a very secure facility, after which it's game on for the IDS system.

    Even if nothing is found in the wild like this, fear of it might indeed push DRM et al into all manner of devices.

    On the short list: Secure facilities should not be allowing electronic devices into their facilities. period. if they want to stay secure. No DRM should be trusted to fully do this job in such instances of security like are required for the Pentagon, military bases etc.

    Adding DRM to commercial and personal use devices will NOT... repeat NOT increase security.

    --
    Support NYCountryLawyer RIAA vs People
  3. Counterfeit chips not required by OTDR · · Score: 5, Insightful

    One can find genuine reason to be worried with the US military without ever worrying over a problem so clever as counterfeit chips. US DoD has routinely exhibited worrisome practices for years.

    I work in the field of modeling & simulation supporting training and flight testing for the Army. Time and again when I've tried to find an ICD (interface control document) or spec on a low-level protocol for some box on an Apache Longbow in the end it discovered that the Government never bought said document from the manufacturer (McDonnell-Douglas, or now, Boeing). Each thing is simply an LRU (line-replaceable unit) black box whose innards are irrelevant -- the I/O is documented but when they fail the box goes back to the vendor for repair. And if you want the specs, call Boeing and they'll be happy to talk sales. US DoD acts this way in the name of "cutting costs" and the up-front bottom line probably is lower. For US companies, such as Boeing, this is no big deal since we're more or less all on the same team.

    Now, flash forward -- DoD is increasingly awarding aircraft contracts to non-US companies. Take the recent US Army LUH (Light Utility Helicopter) that went to EADS North America (or the Airforce tanker contract that went likewise to EADS). This same cost-cutting "don't need this spec or that spec" mentality is still used. Now you have entire military aircraft being delivered with large-scale black boxes (easier to build than counterfeiting chips) which are potentially just as rogue. Who's to say there's no malicious firmware in there? No one seems to be looking or caring. Can anyone prove that any given system isn't poised to intentionally upon receipt of some pre-planned stimuli?

    There's a lot more to worry about than "terrorists" -- mindless bureaucrats can be just as dangerous. The funny thing here is the opposition I've run into pushing for the adoption of Open Source tools. Despite a few agencies here and there employing Open Source with great success, a few memos of "endorsement," and a few official studies touting value, most DoD bureaucrats can't get past the "source is open to 'hackers' therefore must be a security threat" mentality.

    Department of Dumbasses, your US tax dollars at work.