Slashdot Mirror
Backdoor Found In China-Made US Military Chip?
Hugh Pickens writes "Information Age reports that the Cambridge University researchers have discovered that a microprocessor used by the US military but made in China contains secret remote access capability, a secret 'backdoor' that means it can be shut off or reprogrammed without the user knowing. The 'bug' is in the actual chip itself, rather than the firmware installed on the devices that use it. This means there is no way to fix it than to replace the chip altogether. 'The discovery of a backdoor in a military grade chip raises some serious questions about hardware assurance in the semiconductor industry,' writes Cambridge University researcher Sergei Skorobogatov. 'It also raises some searching questions about the integrity of manufacturers making claims about [the] security of their products without independent testing.' The unnamed chip, which the researchers claim is widely used in military and industrial applications, is 'wide open to intellectual property theft, fraud and reverse engineering of the design to allow the introduction of a backdoor or Trojan', Does this mean that the Chinese have control of our military information infrastructure asks Rupert Goodwins? 'No: it means that one particular chip has an undocumented feature. An unfortunate feature, to be sure, to find in a secure system — but secret ways in have been built into security systems for as long as such systems have existed.'" Even though this story has been blowing-up on Twitter, there are a few caveats. The backdoor doesn't seem to have been confirmed by anyone else, Skorobogatov is a little short on details, and he is trying to sell the scanning technology used to uncover the vulnerability.
This is all Steve Jobs' fault. I blame him.
It sells...
Even if this case turns out to be a false alarm, allowing a nation that you repeatedly refer to as a 'near-peer competitor' to build parts of your high-tech weaponry is idiotic.
Would somebody please tease out something a little more credible?
"Extraordinary claims require extraordinary evidence..."
The original article is here.
It refers to an Actel ProAsic3 chip, which is an FPGA with internal EEPROM to store the configuration.
The determined Real Programmer can write Fortran programs in any language.
Either the claims will be backed up by independently reproduced tests or they won't. But, given his apparent track record in this area and the obvious scrutiny this would bring, Skorobogatov must have been sure of his results before announcing this.
Here's his publications list from his University home page, FWIW:
http://www.cl.cam.ac.uk/~sps32/#Publications
Burns: We're building a casino!
McAllister: Arrr. Give me 5 minutes.
I note that the researcher's name is Russian for "soon [to be] rich."
Feel free to draw your own conclusions.
--T
Even though this story has been blowing-up on Twitter, there are a few caveats. The backdoor doesn't seem to have been confirmed by anyone else, Skorobogatov is a little short on details, and he is trying to sell the scanning technology used to uncover the vulnerability.
Hey hey HEY! You stop that right this INSTANT, samzenpus! This is Slashdot! We'll have none of your "actual investigative research" nonsense around here! Fear mongering to sell ad space, mister, and that's ALL! Now get back to work! We need more fluffy space-filling articles like that one about the minor holiday labeling bug Microsoft had in the UK! That's what we want to see more of!
This makes me think of undocumented test/debug interfaces. It might not have been included as a deliberate backdoor - it's possible that it's a debug interface used by the chip designer/manufacturer that's not intended to be used by the end user.
Before everyone starts freaking out about espionage/cyber warfare, just consider that this could just as easily been a careless oversight. Yes, this kind of interface should generally be disabled before shipping, but even so - failure to do so is still not necessarily malicious.
I thought the US military tried to make sure all its chips were made in the US (or NATO countries?) for this exact reason. I'm pretty sure there are still some chip plants in the US.
Also what makes you think that this hasn't happened the other way round, many times already? How many iOS, Microsoft or Android powered devices are in use by the Chinese military?
major design flaw not the fault of an american engineer....
researchers have discovered that a microprocessor used by the US military
What chip? What does it do? Is it important? There are lots of chips in use that in no way shape or form are sensitive or important and the presence of a back door would be meaningless. Just because the military uses it doesn't mean anything by itself. This "article" sounds like someone trying to justify a research grant or a company trying to generate fear to sell a competing product.
From TFA:
Today we released the drafts of our full papers on QVL technology due to accidental publicity, because someone put the link to our very old drafts of abstracts on Reddit.
This is a security guy I would trust, yessir.
Not sure how exciting this is, as they needed physical access to the chip to get anything out of it.
Why would a country not pay (or direct) a company to create products with particular subtle flaws ?
It would cost 1000x more to discover and leverage a known flaw, than to just get an engineer to insert one - with or without the blessing of his management.
The future is not bright.
The US might even consider leaving such "features" in for their co-partners on the Joint Strike Fighter program to not know about. http://www.reuters.com/article/2009/11/24/us-lockheed-fighter-exclusive-idUSTRE5AN4JX20091124 Is that a good thing? Well, not when others have the source code too. Then it become a liability. http://online.wsj.com/article/SB124027491029837401.html
That entire article reads more like a press release with FUD than anything with any facts.
Which chip?
Which manufacturer?
Which US customer?
No facts and LOTS of claims. It's pure FUD.
(Not that this might not be a real concern. But the first step is getting past the FUD and marketing materials and getting to the real facts.)
I've seen this is other products made in China and sold globally. The government has a list of electronics and manufacturers they cannot buy and cannot let into government facilities.
It's been alleged that printers were sold to Iraq that had devices that guided cruise missiles or guided bombs to their targets in one of the Iraq wars. Most computers, printers and other office accessories are now made in the far east (China?) and who knows what's in them.
Absolutely.
The US military should have a strict policy of only buying military parts from sovereign, free, democratic countries with a long history of friendship, such as Israel, Canada, Europe, Japan and South Korea.
And a preference should be given to American-made parts, since you need domestic factories to mobilise in times of war.
Call me an idiot or naive but I thought, especially because of security issues, the us military would make their own chips instead of asking another country or corporation to do it.
Paranoid libertarians don't notice that headline isn't statement? Slashdot a cesspool of idiots? We will never see real stories again?
A couple decades ago, the US security agencies pushed hard for the industry to standardize on a encryption chip that allowed legal wiretaps. Unfortunately, it wasn't as secure as they thought and actually allowed rather easy decryption.
Of course, that was due to stupidity, not malice.
Chinese leaders are in a cold war with the west. As such, it is far cheaper and easier to be able to shut down an adversaries equipment if you are manufacturing it for them. If the west would quit being foolish, they would insist on equipment made in secured companies. And Google has already proved that nothing in China is secured from the gov.
I prefer the "u" in honour as it seems to be missing these days.
Looks like my railing against the inherent weaknesses in FPGAs and the need to ditch the fabless model for the sake of quality control wasn't just hot air.
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
This is more a lesson of piracy and picking the lowest-bidder than anything else.
When China undercuts other nations manufacturing by pirating their IP, without any clue what some bits do, it introduces bugs, backdoors and quality issues. I don't know why on earth the US Military would ever buy IC's from China for use in domestic military, but such is the folly of outsourcing to the lowest bidder.
If the US wants to avoid this blunder again, they'll only purchase semiconductor parts made in the US. Things like the A5 chip in the iPhone doesn't matter a whole lot when it's in consumer devices because a 500$ iphone isn't going to be part of a 500 million dollar stealth jet.
As everyone should have learned from the Iranian Nuclear centrifuges, if it's of critical military or infrastructure value, you make it yourself and don't steal foreigners designs, because those designs may have backdoors in them.
Yes, it's not possible to do this all the time, but the US Military should just bankroll a chipfab and design house and have all US Military chips produced in-house and checked against public sources to see if there are backdoors before purchasing additional supply from the public.
There is no China link to the backdoor yet. The only reference to China is in the Slashdot article title.
i actually think i saw a "Made in China" bumper sticker on our drones.
CYLONS! Wait, where is #6?
The back-door described in the white paper requires access to the JTAG (1149.1) interface to exploit. Most deployed systems do not provide an active external interface for JTAG. With physical access to a "secure" system based upon these parts, the techniques described in the white paper allow for a total compromise of all IP within. Without physical access, very little can be done to compromise systems based upon these parts.
Sun Tzu said the greatest victory is one which doesn't require a shot. One won by subverting the enemy from within.
What greater subversion can there be than to convince the enemy to hire you to build their weapon's systems components?
Apparently the American Military (and probably that of the rest of the world) hasn't bothered reading any "classic" literature on warfare before signing on the dotted line...
I do not fail; I succeed at finding out what does not work.
1) Read the paper http://www.cl.cam.ac.uk/~sps32/Silicon_scan_draft.pdf
2) This is talking about FPGAs designed by Microsemi/Actel.
3) The article focuses on the ProAsic3 chips but says all the Microsemi/Actel chips tested had the same backdoor including but not limited to Igloo, Fusion and Smartfusion.
4) FPGAs give JTAG access to their internals for programming and debugging but many of the access methods are proprietary and undocumented. (security through obscurity)
5) Most FPGAs have features that attempt to prevent reverse engineering by disabling the ability to read out critical stuff.
6) These chips have a secret passphrase (security through obscurity again) that allows you to read out the stuff that was supposed to be protected.
7) These researchers came up with a new way of analyzing the chip (pipeline emission analysis) to discover the secret passphrase. More conventional anaylsis (differential power analysis) was not sensitive enough to reveal it.
This sounds a lot (speculation on my part) like a deliberate backdoor put in for debug purposes, security through obscurity at it's best. It doesn't sound like something secret added by the chip fab company, although time will tell. Just as embedded controller companies have gotten into trouble putting hidden logins into their code thinking they're making the right tradeoff between convenience and security, this hardware company seems to have done the same.
Someone forgot to tell the marketing droids though and they made up a bunch of stuff about how the h/w was super secure.
...American.
This, of course, means the USA needs to produce too.
to buy only from your country's manufacturers. You are the government and you buy, lets say, 20% of a product. But 80% is consumed by the commercial market which buys on price. You either have to subsidize in-your-country manufacturing or accept the fact that manufacturing of the product you want to buy is fleeing to the low cost provider countries (which isn't always China). And the supply chain for that product has moved too. Welcome to practical economics.
Think of buying a computer made today in the US...you choose the boards, chips made by the in-country supplier but most of the boards, chips in your computer come from a second, third or forth country. And with R&D shops being set up in multiple low labor cost countries, by the third generation you have lost any assurance you might have had...not to mention that a second/third/etc country loyalist could have been making, designing, or altering the chips characteristics even though the chip was designed in your country and made in your country.
An almost impossible situation.
From the draft paper's conclusion:
We investigated the PA3 backdoor problem through Internet searches, software and hardware analysis and found that this particular backdoor is not a result of any mistake or an innocent bug, but is instead a deliberately inserted and well thought-through backdoor that is crafted into, and part of, the PA3 security system. We analysed other Microsemi/Actel products and found they all have the same deliberate backdoor. Those products include, but are not limited to: Igloo, Fusion and Smartfusion. The PA3 is heavily marketed to the military and industry and resides in some very sensitive and critical products. From Google searches alone we have found that the PA3 is used in military products such as weapons, guidance, flight control, networking and communications. In industry it is used in nuclear power plants, power distribution, aerospace, aviation, public transport and automotive products.
If this turns out to be true or not, I think the fact the US military is having its secrets "made in China" while the US is actively trying to convince its populous that they're under cyber attacks, really contradicts itself but should at least raise some good questions in public & congress.
Fear mongering. It sells...
The fear of backdoors and data snooping are a bit hysterical.
However the fear of a chip being remotely shutdown, possible damaged, is quite plausible and a far more practical method of attack.
Memo from China: "Sir this memo is to inform you that you were undercharged for your military chips. The inclosed invoice is for $5 per chip for the "extra" backdoor "feature". Please enclose a certified check in the enclosed envelope along with a copy of the invoice. Please mail to: Norinko Beijing, China Thank you for your cooperation in this unfortunate error. If we need any further info we will use our new "feature" to get it. Sincerely, General (name redacted)
I'm old, not dead. Well that's my 2 cents worth, your mileage may vary. I say what I think, not what you want to hear.
Try and find a modern digital IC of any size without a backdoor! It's called JTAG. Everyone has to design them in, they've not secrets. That's how the manufacturer tests each chip to see if it works or not. Often used in system development as well.
who would have thought!
I don't know if this specific backdoor is real, but would you be horribly surprised if you found out that your router, etc. had chips in it that could be remotely disabled with the right information fed to the device (e.g., repeated processing of a certain string of bytes in an incoming packet)?
Of course, this stunt could only be pulled off once, and may not work in every device. But it's not inconceivable for a military-industrial power to figure out how certain common chips are used in certain devices, figure out what the chips "see" during regular operation with certain inputs given to the device, and design an "enhancement" for this common chip that will cause it to behave differently when a certain type of signal is received.
Since they have control over their supply chain, it's not inconceivable that they might build this functionality into the chips and flood the market with them. They would have to keep doing this for years. We will be none the wiser until they invoke the capability during a true emergency scenario, when we find that a good percentage of our devices stop functioning for no apparent reason.
I don't know if certain people are really thinking this far ahead, but if they are there is little we can do about it -- except maybe to build custom hardware and hope for the best. Even if hardware were "open source" it's not trivial to open up chips and see what's really inside.
I'm sure the people building the truly mission critical stuff have thought about this and are fabricating their own ICs...
The chip is "FBI" ready!
Duh ! The FBI got just what they demanded/payed for. xD
Spy vs Spy all in the USA.
Barak should shout "Intercepted!" and take a tok on the bong.
LoL xD
If they can backdoor this FPGA then they can backdoor the JTAG programmer and the BIOS chip inside the computer running it. The PC receives a command through its compromised ethernet controller which then sends appended code to the JTAG programmer.
Only the State obtains its revenue by coercion. - Murray Rothbard
Just because the chips in question were fabricated in China does not mean the Chinese put a backdoor into the chips. One should look to actually designed the chip to determine who is behind this.
Have gnu, will travel.
We made our own chips. And the only reason we don't make our own chips is because people keep dicking around with the semiconductor companies when they want electricity and some regulation clarity about what they can and can't do.
That's why they left to asia. Think the price of labor matters at all in a semi conductor fab? Oh sure... it always matters but not so much that you'd leave the country. They're not paying people 2 dollars an hour in those fabs anywhere. You don a clean room suit and you're unlikely to be paid slave wages.
Government doesn't need to give these companies huge loans. Just a reasonable price for power and some protection from the insane enviros that would likely take issue with some aspect of the process to try and shut it all down.
It's officially a national security issue.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Even though this story has been blowing-up on Twitter, there are a few caveats
Even though? Really? Because normally Twitter is the most trustworthy news source?
systemd is Roko's Basilisk.
Where was this undocumented feature/bug designed in? I see plenty of "I hate China" posts, it would be quite hilarious if the fedgov talked the US mfgr into adding this backdoor, then the Chinese built it as designed. Perhaps the plan all along was to blame the Chinese if they're caught.
These are not military chips. They are FPGAs that happen to be used occasionally for military apps. Most of them are sold for other, more commercially exploitable purposes.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
the CHICOMs are going to win anyway - they're Bill Clinton's best friends!
Up here in Canada we used crypto gear we got from the US, but that was for a very practical reason: we had to be compatible with US military communications if we were in the field. As far as I know the equipment we used was identical to that being used by the US military at the time. I have no doubt they had more secure gear they only used internally, but its not like the stuff we used was substandard AFAIK.
I was a Communications Specialist in the Canadian Army and trained to use this gear.
"The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
If its in the Weekly World News* and it has an exclamation mark!
* Or Slashdot, lately!
Have gnu, will travel.
This is a physical-access backdoor. You have to have your hands on the hardware to be able to use JTAG. It's not a "remote kill switch" driven by a magic data trigger, it's a mechanism that requires use of a special connector on the circuit board to connect to a dedicated JTAG port that is simply neither used nor accessible in anything resembling normal operation.
That said, it's still pretty bad, because hardware does occasionally end up in the hands of unfriendlies (e.g., crashed drones). FPGAs like these are often used to run classified software radio algorithms with anti-jam and anti-interception goals, or to run classified cryptographic algorithms. If those algorithms can be extracted from otherwise-dead and disassembled equipment, that would be bad--the manufacturer's claim that the FPGA bitstream can't be extracted might be part of the system's security certification assumptions. If that claim is false, and no other counter-measures are place, that could be pretty bad.
Surreptitiously modifying a system in place through the JTAG port is possible, but less of a threat: the adversary would have to get access to the system and then return it without anyone noticing. Also, a backdoor inserted that way would have to co-exist peacefully with all the other functions of the FPGA, a significant challenge both from an intellectual standpoint and from a size/timing standpoint--the FPGA may just not have enough spare capacity or spare cycles. They tend to be packed pretty full, 'coz they're expensive and you want to use all the capacity you have available to do clever stuff.
Actually, the U.S. does have a DoD-funded secure fabrication capability: see the Trusted Foundry program.
outsourcing for the win hahahah
Is this the most obvious consequence to outsourcing or what ? When you take seriously the notion that all that matters is the profitability of your largest campaign contributors, is not the inevitable result that Reality will teach you just how wrong you were?
For years some of us have been saying just this is exactly inevitable and before us, the previous generation were saying the same thing. All we got back was BS from the likes of Dan Griswold and the CATO Institute about what Luddites we were.
We don't make critical parts to our own weapon systems. We outsource to our most likely long term opponent. Why do we do that? So large campaign contributors can make obscene profits by advantaging themselves of cheap (but getting less cheap) labor.
Does this change anyone's mind about campaign finance reform? Is money still a form of speech? Anyone in Congress care to review Citizens United v FEC? Or do we have to wait until it's just too late?
The operative word is TRADER.
What is "insane" is allowing corporations to get away with extreme externalization of their costs. If responsible production costs more then the products will cost more and something must be done to prevent irresponsible production from gaining an advantage; otherwise, it is a race to the depths of human depravity. The concepts involved here are rather elementary but somehow people turn off their brains or something is hindering their mental development.
On the extremes, some people still don't care. If my neighbor's SUV ran on people (soylent green) from other cultures he would not change...
Now most people rather not think (or just not think) about the harm they indirectly cause when it is a few steps removed; there are plenty of studies showing the more indirect you get the further people will do horrible things even when they KNOW they are doing it.
The tariff was the weapon of choice before we unilaterally disarmed ourselves. Welcome to the race to the bottom.
PS: robotics will eventually win at the bottom as they replace economic slaves for their lower cost and higher performance. Productivity will rise, job demand will fall, people will work harder and harder in a futile effort to compensate their relatively decreasing cost/benefit ratio. Meanwhile, the Japanese seem determined to replace women with machines ;-)
Democracy Now! - uncensored, anti-establishment news
So when you guys bug Boeing jets and backdoor Microsoft Windows, this is all well and good, but there might be a backdoor in a Chinese made chip, and it's pitchforks and torches?
As usual the Western hypocrisy reveals itself again. But of course, just like in a sports match, your team has never committed a foul, while everything the other team does is a foul?
FPGAs commonly protect user-code with encryption. An encryption engine is included in the silicon to which the user has limited access to crypto=keys with which to encrypt the code that is installed in ROM/Flash.
A number of attacks are known against microcontrollers/FPGAs that secure code with encryption - notably differential power analysis (DPA) which works by connecting a current probe to the chip, and collecting measurememnts of energy consumption as the device performs an authentication operation. By carefully, measuring power traces over thousands of authentication operations, statistical analysis can reveal clues about the internal secret keys; potentially allowing recovery of the key within useful periods of times (minutes to hours).
These secure FPGAs contain a heavily obfuscated hardware crypto-engine, with lots of techniques to obstruct DPA (deliberately unstable clocks, heavy on-chip RC power filtering, random delay stages in the pipeline, multiple "dummy" circuits so that an operation which would normally require fewer transistors than an alternative, has its transistor count increased, etc.). The idea being that these countermeasures reduce the DPA signal and increase the amount of noise, making recovery of useful statistics impractical. In their papers, this group admit that the PA3 FPGAs are completely impervious to DPA, with no statistical clues obtained even after weeks of testing.
This group have developed a new technique which they call PEA which is a much more sensitive technique. It involves extracting the FPGA die, and mapping the circuits on it - e.g. using high-resolution infra-red thermography during device operation to identify "interesting" parts of the die by heat production under certain tasks - e.g. caches, crypto pipelines, etc. Having identified interesting areas of the die, an infra-red microscope with photon counter is focused on the relevant circuit area. As it happens, transistors glow when switched, emitting approx 0.001 photons per switching operation. The signal from the photon counter is therefore analogous to the DPA signal, but with a much, much stronger signal-to-noise ratio, allowing statistical analysis with far fewer tries. The group claim the ability to extract the keys from such a secure FPGA in a few minutes of probing with authentication requests.
The researchers claim to have found the backdoor, by fuzzing the debug/programming interface, and finding an undocumented command that appeared to trigger a cryptographic authentication. By using their PEA technique against this command, they were able to extract the authentication key, and were able to open the backdoor, finding they were able to directly manipulate protected parameters of the chip.
In time of peace, war goods go missing at all stages of the development process -- design, prototyping, demos and trade shows, manufacturing, delivery, storage and use by the armed services and our supposed allies. In time of war, it's left behind on the battlefield, shot over the enemy's borders, sunk into the deep blue sea. The military does it's best to control access but only 100% will do, and that's impossible. So backdoors are a bad thing.
"If you're not passionate about your operating system, you're married to the wrong one."
The US government actually mandates this... http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act
Well, surprise! Surprise! Surprise!
Of course, it's all about defense industry profits, not actual defense. As long as defense contractors are allowed to outsource components, or must purchase offshore components, this is going to happen, and with increasing frequency. The Chinese are not stupid and can spot an obvious attack vector. Even if they have no immediate plans to use these backdoors, they'd be foolish NOT to put them in. And since the government and industry are so intertwined in China, you have a near guarantee that this strategy will be used.
Not that this is a secret to the US military. It's just that nobody with decision making power in the USA actually gives a crap about the USA anymore. If you're wealthy enough, you can live anywhere. If a war breaks out, you can bet all the rich lobbyists, ex-military brass, subcontractors and subcontractors will rapidly relocate somewhere safe, leaving the poor and the stupid on both sides to slaughter each other.
Please do not read this sig. Thank you.
You have to digg up yourself if you want sources, but apparently the chip is Actel ProASIC3.
They do nothing!
Now or tomorrow may be TOO LATE!!!
Was the chip designed by Dr. Gaius Balthar?
This is a physical-access backdoor. You have to have your hands on the hardware to be able to use JTAG. It's not a "remote kill switch" driven by a magic data trigger, it's a mechanism that requires use of a special connector on the circuit board to connect to a dedicated JTAG port that is simply neither used nor accessible in anything resembling normal operation.
Surreptitiously modifying a system in place through the JTAG port is possible, but less of a threat: the adversary would have to get access to the system and then return it without anyone noticing.
As someone else mentioned in another post, physical access can be a bit of a misnomer. Technically all that is required is for a computer to be connected via the JTAG interface in order to exploit this. This might be a diagnostic computer for example. If that diagnostic computer were to be infected with a targeted payload, there is your physical access.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
Comment removed based on user account deletion
So, you're saying what's good for the goose is not so good for the gander. Why should the USA (FBI) have back door access to all of our facebook, twitter posts, while others should not have access to their private wares. The country,itself, is just one huge contradiction.
That's how they chose to economize?
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
http://erratasec.blogspot.com/2012/05/bogus-story-no-chinese-backdoor-in.html
Bogus story: no Chinese backdoor in military chip
"Today's big news is that researchers have found proof of Chinese manufacturers putting backdoors in American chips that the military uses. This is false. While they did find a backdoor in a popular FPGA chip, there is no evidence the Chinese put it there, or even that it was intentionally malicious.
Furthermore, the Actel ProAsic3 FPGA chip isn't fabricated in China at all !!
Muchas Gracias, Señor Edward Snowden !
And no one remembers the 6805 which could be read out even when protected, it had a simple flaw in its programming/verifying bootcode which meant that the full chip could be dumped in around 30 seconds, and the funny thing is we found the reader last week in a pile of our old programmers/emulators.
joolz
a connection used to test chips before shipping? who would have thunk it!
There was an unknown error in the submission.
Sovereign Immunity. You cannot sue the government without their permission, so it's not as easy as "just file in the appropriate court" when you're suing the government itself. Yes, it is that easy for suing anyone else.
What does that have to do with everything discussed so far? The posts you are replying to is talking about companies (defense contractors and a hypothetical chip manufacturing) suing a 3rd party agent for raising a false alert (which would most likely be dropped trivially). There is no mentioning of the government. Moreover, sovereign immunity, though an existing term, it is not a generic blank statement that the government (be it at the federal, state or local level) can pull out of its ass whenever someone has a grievance - not to mention that it is up to the judge to decide if a sovereign immunity defense (and the suit) has any merits.
"Where did you learn to sabotage chips like that?"
"I learned it from watching you!"
http://en.wikipedia.org/wiki/Siberian_pipeline_sabotage
"I opened my eyes, and everything went dark again"
A good explanation of the FUD is contained in the very name of the "researcher" - Skorobogatov. He really, really wants to be rich, and soon!
No different than the chips in the bubble jet printers in Iraq that had transponders in them used to guide smart bombs... That's what you get when you buy foreign unfortunately... Time to rethink and bring back manufacturing home, you know, for the Economy, jobs and security's sakes...
End of Line.
What was mostly likely discovered is one of the myriad of built-in test modes that complex ICs have designed in for production testing. JTAG/BIST as most people know it (and most don't at all) only is sufficient for some digital validation. Usually ICs have additional custom test modes specific the particular IC's design. These have been around for a very long time.
These test modes can be simply testing modes. For example memories often need to be tested for "program/erase disturb" where writing a bit accidentally alters an adjacent memory cell. For this you typically add specific circuitry that gives you access to the memory array cells in ways that is not standard.
These test modes can also be for "sparing" which allows you to suffer a "fatal manufacturing defect" yet recover the die by sparing out the failed circuitry and replacing it electrically with a "spare" copy. This is routinely used in processors, memory and FPGAs to boost yield.
That an academic would not have a clue about this is not surprising. Academia know virtually nothing about the real world and especially "icky" parts like manufacturing and business practices. The fact that this came form a country with virtually no semiconductor manufacturing also makes this cluelessness unsurprising. I would not expect much from either UK or US engineering schools in terms of knowing about these routine features of most ICs.
There is no requirement for alternative solutions when you are criticizing or even arguing against something.
Necessity is the mother of invention. Sometimes one must create a need. Stuff happens and people adapt, don't be a wimp.
Also, if you've been involved in any politics, you'd know that it is a lot like bargaining where you start out at extreme positions expecting to compromise nearer your actual position. Bans are a slow public process.
Democracy Now! - uncensored, anti-establishment news
If the US if gettting military chips from CHina YES of course they will have hidden Backdoors. Yes even the US military are morons...
Well, when the Chinese neutralize all our military hardware, invade, then kill off all of the
greedy industrialists who decided to have ANYTHING our military uses be made in China,
then they will have earned their just desserts. Either that, or those citizens left over from
the invasion will hunt down and take care of the turkeys themselves. After all, what good
will all their money do them then?
So a series of equipment with this chip in it needs a "field upgrade". The field technicians, whether contractors or military technicians, are using hardware to hook up to this JTAG port to load new code into the FPGA. Hmm... No vulnerabilities there/what could possibly go wrong.
Isn't this kind of how Stuxnet was propagated to Iranian centrifuge PLCs?