Slashdot Mirror

← Back to Stories (view on slashdot.org)

DARPA Sponsors a Hunt For Malware In Microchips

Posted by timothy on from the double-barreled-microscope-loaded-for-vermin dept.

Phurge links to an IEEE Spectrum story on an interesting DARPA project with some scary implications about just what it is we don't know about what chips are doing under the surface. It's a difficult problem to find invasive or otherwise malicious capabilities built into a CPU; this project's goal is to see whether vendors can find such hardware-level spyware in chips like those used in military hardware. Phurge excerpts: "Recognizing this enormous vulnerability, the DOD recently launched its most ambitious program yet to verify the integrity of the electronics that will underpin future additions to its arsenal. ... In January, the Trust program started its prequalifying rounds by sending to three contractors four identical versions of a chip that contained unspecified malicious circuitry. The teams have until the end of this month to ferret out as many of the devious insertions as they can."

2 of 106 comments (clear)

  1. All about China by elrous0 · · Score: 4, Insightful
    It cracks me up how the U.S. government is always taking ludicrous steps to "protect national security," fighting off hacker attacks with billions of dollars in specialized firewalls and security, using NSA backdoors into windows, etc. And all the while they're lecturing us on all these heavy-handed precautions, they're doing EVERYTHING, classified and not, on computers built largely of Taiwanese and Chinese manufactured chips and motherboards.

    Looks like someone finally clued these geniuses of national security in on the obvious Archilles' heel in their web of protection.

    I just hope our clueless protectors have at least had the common sense to slip in some spys at that new big "Fab 68" Intel plant they're building in China.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  2. Speaking as a chip designer... by stevew · · Score: 4, Informative

    I find this intersting.

    I deal with foreign fab houses on every project. The odd things is that most of the backend software used by these fab houses are sold by American companies (much of which is written in India).

    There is a step in the process where a point tool (one not written by the fab house - but again an American company) is used to re-extract the design out from the polygons that describe the silicon to be fabbed. This is compared to the source gate level design I originally supplied using formal verification methods. This is done by me.

    So I suppose someone could surreptitiously change the gates I'm getting back to hide what is being inserted in there (not an easy thing to do all by itself at this level) There are places where it could be done in the process.

    At the same time - to add additional logic to a design you are not well versed in is REALLY difficult.

    --
    Have you compiled your kernel today??