Slashdot Mirror


DARPA Sponsors a Hunt For Malware In Microchips

Phurge links to an IEEE Spectrum story on an interesting DARPA project with some scary implications about just what it is we don't know about what chips are doing under the surface. It's a difficult problem to find invasive or otherwise malicious capabilities built into a CPU; this project's goal is to see whether vendors can find such hardware-level spyware in chips like those used in military hardware. Phurge excerpts: "Recognizing this enormous vulnerability, the DOD recently launched its most ambitious program yet to verify the integrity of the electronics that will underpin future additions to its arsenal. ... In January, the Trust program started its prequalifying rounds by sending to three contractors four identical versions of a chip that contained unspecified malicious circuitry. The teams have until the end of this month to ferret out as many of the devious insertions as they can."

5 of 106 comments

  1. All about China by elrous0 · · Score: 4, Insightful
    It cracks me up how the U.S. government is always taking ludicrous steps to "protect national security," fighting off hacker attacks with billions of dollars in specialized firewalls and security, using NSA backdoors into Windows, etc. And all the while they're lecturing us on all these heavy-handed precautions, they're doing EVERYTHING, classified and not, on computers built largely of Taiwanese and Chinese manufactured chips and motherboards.

    Looks like someone finally clued these geniuses of national security in on the obvious Achilles' heel in their web of protection.

    I just hope our clueless protectors have at least had the common sense to slip in some spies at that new big "Fab 68" Intel plant they're building in China.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  2. Speaking from a military perspective by Erie+Ed · · Score: 3, Interesting

    This is going to be a huge issue in the future. Another reason why buying anything not made in the US is a bad idea. We have MIL-Spec products for almost everything, yet most of our comm equipment is simply COTS with slight modifications to the software/hardware. I'd really like to see Intel/AMD move operations back to the States just for this reason; also, it would be a benefit to the government and the American people. The government gets what they want, secure, malware-free chips, and Americans get good-paying jobs back.

    1. Re:Speaking from a military perspective by Applekid · · Score: 3, Insightful

      Although I do agree from a military perspective the less reliance on others is probably for the best, "Made in the USA" is not an alternate spelling of "exploit-free".

      --
      More Twoson than Cupertino
  3. A state of the art problem by btarval · · Score: 3, Interesting

    Well, considering that the current wave in high-tech is to outsource the hardware development, it's a very valid concern.

    Here's a classic example. Startups in Silicon Valley prefer not to bring in a hardware team to develop a new box from scratch, especially when they can just buy a COTS box elsewhere for the first round. The Imaginary Property resides in the Software Apps that they can develop to run on these boxes.

    Consequently, they contract out with companies that used to be known for their motherboards, but who have moved up and will sell you a complete cutting edge system, and customize it to meet your needs. No hardware development time is required, and it's a lot cheaper.

    The catch is that, in order to support these boxes, the Startup or the customer MUST NEVER OPEN THEM. If you do, you void the warranty. At $10,000-$20,000 per box (in the storage biz) that's a very strong incentive to never ever peek inside.

    Add to that proprietary IPMI cards.

    In short, these boxes are the best backdoor into an organization's IT infrastructure. You'd be surprised at the big, well-known names currently deploying them.

    The beauty of this approach is that most of these companies are based in Taiwan. Simply put, with little effort, Taiwan gets to own both China and the U.S. at the same time. That would be amusing if it weren't so sad.

    --
    The best way to predict the future is to create it. - Peter Drucker.
  4. Speaking as a chip designer... by stevew · · Score: 4, Informative

    I find this interesting.

    I deal with foreign fab houses on every project. The odd thing is that most of the backend software used by these fab houses is sold by American companies (much of which is written in India).

    There is a step in the process where a point tool (one not written by the fab house - but again an American company) is used to re-extract the design out from the polygons that describe the silicon to be fabbed. This is compared to the source gate level design I originally supplied using formal verification methods. This is done by me.

    So I suppose someone could surreptitiously change the gates I'm getting back to hide what is being inserted in there (not an easy thing to do all by itself at this level). There are places where it could be done in the process.

    At the same time - to add additional logic to a design you are not well versed in is REALLY difficult.

    --
    Have you compiled your kernel today??
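
The netlist comparison described in stevew's comment above, as an added example that is not part of the original thread: a toy check that compares a source gate-level design against a netlist re-extracted from layout. The netlist format, net names and both sample netlists are constructed for illustration, and exhaustive simulation stands in here for the formal equivalence methods a real flow would use.

```python
from itertools import product

# Gate functions for a tiny combinational netlist model (assumed format).
GATES = {
    "AND": lambda a, b: a & b,
    "OR": lambda a, b: a | b,
    "XOR": lambda a, b: a ^ b,
}

# Constructed sample: the source gate-level design, a 1-bit full adder.
# Each net maps to (gate type, input nets).
SOURCE = {
    "t1": ("XOR", ["a", "b"]),
    "sum": ("XOR", ["t1", "cin"]),
    "t2": ("AND", ["a", "b"]),
    "t3": ("AND", ["t1", "cin"]),
    "cout": ("OR", ["t2", "t3"]),
}

# Constructed sample: netlist re-extracted from layout. It contains three
# nets that are not in the source and that change "sum" for one input vector.
EXTRACTED = dict(SOURCE)
EXTRACTED.update({
    "sum_pre": ("XOR", ["t1", "cin"]),
    "x1": ("AND", ["a", "b"]),
    "x2": ("AND", ["x1", "cin"]),
    "sum": ("XOR", ["sum_pre", "x2"]),
})

def evaluate(netlist, inputs, net, cache=None):
    """Return the 0/1 value of `net` for the given primary-input assignment."""
    cache = {} if cache is None else cache
    if net in inputs:
        return inputs[net]
    if net not in cache:
        gate, srcs = netlist[net]
        cache[net] = GATES[gate](*(evaluate(netlist, inputs, s, cache) for s in srcs))
    return cache[net]

def mismatches(source, extracted, primary_inputs, outputs):
    """Simulate every input vector; list (vector, output, expected, got) differences."""
    diffs = []
    for bits in product((0, 1), repeat=len(primary_inputs)):
        vec = dict(zip(primary_inputs, bits))
        for out in outputs:
            want, got = evaluate(source, vec, out), evaluate(extracted, vec, out)
            if want != got:
                diffs.append((vec, out, want, got))
    return diffs

def unexpected_nets(source, extracted):
    """Structural diff: nets present in the extracted netlist but not in the source."""
    return sorted(set(extracted) - set(source))
```

Only one of the eight input vectors exposes the difference, which is why the comparison has to cover the whole input space rather than a handful of test patterns.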