Slashdot Mirror
Counterfeit Chips Raise New Terror, Hacking Fears
mattnyc99 writes "We've seen overtures by computer manufacturers to build in chip security before, but now Popular Mechanics takes a long look at growing worries over counterfeit chips, from the military and FAA to the Department of Energy and top universities. While there's still never been a fake-chip sabotage or info hack on America by foreign countries or rogue groups, this article suggests just how easy it would be for chips embedded with time-release cripple coding to steal data or bring down a critical network - and how that's got Homeland shaking in its boots (but not Bruce Schneier). While PopMech has an accompanying story on the possible end of cheap gadget manufacturing in China as inflation rates soar there, it's the global hardware business in general that has DoD officials freaking out over chips."
EVERYTHING is now a "terror threat".
Do you suppose someone figured out that "terror" is a funding goldmine? That the way to ride this gravy-train was to pump up the volume on the "terror" megaphone?
It's pretty funny - 'til the unintended consequences land you "in internal exile", or "extraordinary rendition".
"Flyin' in just a sweet place,
Never been known to fail..."
A construction worker was killed while torguing such a bolt while building the Saturn car factory. The head tore off and he fell to his death.
In the same article where I read this, a general complained that you could find broken bolts littering the ground in the path of tanks on training maneuvers.
There is a way to test bolts for strength, but it's expensive.
Request your free CD of my piano music.
This was only the beginning. Cant wait until next holiday season.
I didn't read TFA but is it suggesting that a highly advanced technology could be 'easily' counterfeited and delievered to US facilities? Assuming it would take another highly advanced country to do this... Doesn't this really mean war, not terror? If we find out a sovereign nation is attacking us through this channel I would call it war -- even if that means they are knowningly supplying terrorists with the chips instead of directly doing it themselves.
The US DoD depending on the global hardware business is the scariest implication to me.
And one more thing.. this almost sounds like it could be a back door for even stronger DRM technology, embedded in hardware, in our personal computers in the future. SO, how far off base am I this time?
I do not respond to cowards. Especially anonymous ones.
Indeed... the "War on Terror" is nothing more than various groups of people trying use terror to "hack our fears". The terrorists try to hack our fears to gain power over us, and the governments fighting them do the same.
I don't care if it's 90,000 hectares. That lake was not my doing.
You get what you pay for.
If you don't want counterfeit parts, pay for the appropriate controls and enforce them. The government has been trying to build government-class security and reliability on COTS technology for far too long.
If that means domestic production, so be it.
#!
I was wondering why my new "Gatemay" computer had an "Inpel Inside!" sticker on it.
Isn't this what the CIA did to the USSR? They purposely sold the Soviets Counterfeit CPUs and other technology so their economy would be based on faulty technology.
In fact, it culminated in the mid 80's when a brand new pipeline was turned on with turbines taken from America via a Canadian intermediary. The turbines purposely malfunctioned and the resulting blast was about 1/4 the size of Hiroshima. Taking out such an important oil pipeline made a non-trivial dent in the Soviet economy.
Look up the "Farewell Dossier".
What is old is new again.
The easy way to attack remote systems at the hardware level would be to preload a back-door key into Active Management Technology. All the hardware is already there to remote control the computer, without any help from the operating system. By default, this feature is supposed to be disabled. But a minor firmware change, initializing the AMT unit with a second hidden key instead of leaving it disabled, would make it possible to take over any corrupted machine from a level below the OS.
AMT is the latest form of this, but there's also ASF (AMD's version), and RCMP (works over UDP, while AMT is a web service).
This is tough to detect, short of cutting open the network controller chip and tracing the wiring with a scanning electron microscope. That's quite possible and tools for it exist, but it's not cheap.
I wanted to mod this up (funny), but I decided to comment instead...
:-)
My brother has a Shrap calculator. (Yes, S-H-R-A-P, not Sharp). The lettering looks exactly like the lettering used by Sharp during that time period (1980s). He keeps it for the humor value.
"From Shrap minds come shrap products..."
This kind of thing really does happen.
This kind of illicit technology is usually (not always) about making a buck. It's cheaper to exploit software than physical chips.
Fix the world's software and then those industrious rogues might decide the expense and lengthy process of counterfitting physical chips is worthwhile compared to a quick piece of spyware.
In the early 1980's, the US produced intermittently buggy chips which we sold to the USSR in full knowledge that they'd disrupt production facilities. It worked very well. Why, then, wouldn't China do the same thing?
As someone who works in chip verification, I can tell you it's very difficult with most chips to do this, as long as the chips are designed in the US -- which is still largely the case, that they're designed here and produced in fabs in China (because labor's cheap and they don't care if their workers are exposed to HF and silane as long as money's coming in.)
You know *exactly* what size your chip die is. If the silicon comes back from the fab with a different-sized die, it will be very obvious. So nobody can put extra stuff onto an existing die. Die size is the single most critical aspect of most designs, because of the cost, so existing designs are jammed just as tightly as they can possibly be. You can't put more functionality into an existing die size. The problem, then, is letting your design out. (And even then, a competent chip designer could probably spot strange material on a smaller die because they're familiar with how the layout is supposed to look.)
There are some amazing military-grade chips out there. I was reading about the Maxim DS3600 the other day -- on-chip encryption and tamper-sensing, including detecting temperature changes and reacting by blanking all the on-board memory and stored encryption keys in nanoseconds, far faster than dumping liquid helium onto the chip would be able to freeze the memory for decoding. (They use some whack process for continually load-levelling and rewriting the keys so you can't use stored oxide charge to read what was there before it got blanked, either.) That kind of stuff is on the common market, available for anyone to buy. I assume the military has better stuff yet, and espionage people even better.
At the end of the day you have to be able to trust someone or you'll just crouch in your basement. But there are ways to verify a chip's functionality and look for clearly bogus interactions. Our chip test systems make it easy to distinguish chips from different silicon lots, much less from different fabs. As always, if you buy the cheap stuff you don't know what you're getting, but if you spend the money to do some research, you'll have a much, much better idea of what you're getting. In this case, money in the millions of dollars, granted, but if you're designing military-grade stuff, well, that's why you buy from companies with a track record of producing trustworthy stuff.
Nostalgia's not what it used to be.
One can find genuine reason to be worried with the US military without ever worrying over a problem so clever as counterfeit chips. US DoD has routinely exhibited worrisome practices for years.
I work in the field of modeling & simulation supporting training and flight testing for the Army. Time and again when I've tried to find an ICD (interface control document) or spec on a low-level protocol for some box on an Apache Longbow in the end it discovered that the Government never bought said document from the manufacturer (McDonnell-Douglas, or now, Boeing). Each thing is simply an LRU (line-replaceable unit) black box whose innards are irrelevant -- the I/O is documented but when they fail the box goes back to the vendor for repair. And if you want the specs, call Boeing and they'll be happy to talk sales. US DoD acts this way in the name of "cutting costs" and the up-front bottom line probably is lower. For US companies, such as Boeing, this is no big deal since we're more or less all on the same team.
Now, flash forward -- DoD is increasingly awarding aircraft contracts to non-US companies. Take the recent US Army LUH (Light Utility Helicopter) that went to EADS North America (or the Airforce tanker contract that went likewise to EADS). This same cost-cutting "don't need this spec or that spec" mentality is still used. Now you have entire military aircraft being delivered with large-scale black boxes (easier to build than counterfeiting chips) which are potentially just as rogue. Who's to say there's no malicious firmware in there? No one seems to be looking or caring. Can anyone prove that any given system isn't poised to intentionally upon receipt of some pre-planned stimuli?
There's a lot more to worry about than "terrorists" -- mindless bureaucrats can be just as dangerous. The funny thing here is the opposition I've run into pushing for the adoption of Open Source tools. Despite a few agencies here and there employing Open Source with great success, a few memos of "endorsement," and a few official studies touting value, most DoD bureaucrats can't get past the "source is open to 'hackers' therefore must be a security threat" mentality.
Department of Dumbasses, your US tax dollars at work.